On Mi, 22.05.19 10:02, Ulrich Windl (Ulrich.Windl@xxxxxxxxxxxxxxxxxxxx) wrote: > Hi! > > Obviously the owner of a temporary directory cannot be an LDAP user: system users should really not be located on LDAP: https://systemd.io/UIDS-GIDS.html#notes-on-resolvability-of-user-and-group-names > May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: do_start_tls > failed:stat=-1 > May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss_ldap: could not search LDAP > server - Server is unavailable > May 22 09:02:48 v04 systemd[1]: systemd-tmpfiles-setup.service: Main process > exited, code=exited, status=1/FAILURE Hmm, we actually log about all errors we encounter. Is it possible that the nss-ldap module (which iirc is obsolete and unmaintained these days?) does an exit(1) or so? Either way, if we receive an error from NSS and don't log about it, that'd be a bug, but please confirm with a current systemd version, or contact your downstream who will do that and then propagate this to us. You can also set the "SYSTEMD_LOG_LEVEL=debug" env var to get more detailed output. i.e. use "systemctl edit systemd-tmpfiles.service", then type in: [Service] Environment=SYSTEMD_LOG_LEVEL=debug then save and reboot. > The basic problem is that LDAP needs network (which isn't up at this point). > But still, it's hard to tell from the logged messages which entry actually > caused the problem. From what I see "root" is the only user being used, and > that user is local in /etc/passwd. /etc/nsswitch.conf has "passwd: compat"... > > I can create the missing directories later running "systemctl start > systemd-tmpfiles-setup", but SLES has: > /usr/lib/tmpfiles.d/systemd-nologin.conf:F! /run/nologin 0644 - - - "System is > booting up. See pam_nologin(8)" > > Which effectively locks out users when doing so. You can invoke the binary from shell prompt: systemd-tmpfiles --create --clean --remove If you don't specify --boot then lines like the /run/nologin one won't be honoured. Lennart -- Lennart Poettering, Berlin _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: systemd-tmpfiles-setup.service failed due to LDAP resolving
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: systemd-tmpfiles-setup.service failed due to LDAP resolving
- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
- Date: Wed, 22 May 2019 10:30:28 +0200
- Cc: "systemd-devel@xxxxxxxxxxxxxxxxxxxxx" <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <5CE50220020000A1000315CF@gwsmtp.uni-regensburg.de>
- References: <5CE50220020000A1000315CF@gwsmtp.uni-regensburg.de>
- Follow-Ups:
- Re: systemd-tmpfiles-setup.service failed due to LDAP resolving
- From: Mantas Mikulėnas
- Antw: Re: systemd-tmpfiles-setup.service failed due to LDAP resolving
- From: Ulrich Windl
- Re: systemd-tmpfiles-setup.service failed due to LDAP resolving
- References:
- systemd-tmpfiles-setup.service failed due to LDAP resolving
- From: Ulrich Windl
- systemd-tmpfiles-setup.service failed due to LDAP resolving
- Prev by Date: Re: Failed to open system journal: Invalid argument
- Next by Date: Re: dbus-daemon keep shown as zombie process why ?
- Previous by thread: systemd-tmpfiles-setup.service failed due to LDAP resolving
- Next by thread: Antw: Re: systemd-tmpfiles-setup.service failed due to LDAP resolving
- Index(es):
 |