SUSE Support

Here When You Need Us

Unable to login to server with users being authenticated over SSSD

This document (000019632) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12  All Support Packs
SUSE Linux Enterprise Server 15 All Support Packs

Situation

Unable to login to the server using ssh and also on the console. Below errors observed.
# systemctl status sssd
 sssd.service - System Security Services Daemon
 Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
 Active: inactive (dead) since Sat 2020-05-09 02:34:23 UTC; 6s ago
 Process: 62962 ExecStart=/usr/sbin/sssd -i -f (code=exited, status=0/SUCCESS)
 Main PID: 62962 (code=exited, status=0/SUCCESS)
sssd[62962]: Killing service [LDAP], not responding to pings!
sssd[be[103181]: Starting up
sssd[62962]: Killing service [LDAP], not responding to pings!
sssd[62962]: [LDAP][103181] is not responding to SIGTERM. Sending SIGKILL.
sssd[be[104316]: Starting up
sssd[62962]: Killing service [LDAP], not responding to pings!
sssd[62962]: [LDAP][104316] is not responding to SIGTERM. Sending SIGKILL.
systemd[1]: Stopping System Security Services Daemon...
sssd[95491]: Shutting down
systemd[1]: Stopped System Security Services Daemon.
The SSSD daemon is never successfully started. It always shows starting up and finally shutting down.

Resolution

In the sssd configuration file (/etc/sssd/sssd.conf),
It was observed that the parameter "enumerate" was set to true.
enumerate = True

You need to set the enumerate to false for the sssd daemon to start successfully.
enumerate = False

Restart sssd service
 
# systemctl restart sssd.service
# systemctl status sssd
sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor
preset: disabled)
Active: active (running) since Wed 2020-05-13 10:12:59 UTC; 4s ago
Main PID: 155730 (sssd)
Tasks: 5 (limit: 512)
CGroup: /system.slice/sssd.service
155730 /usr/sbin/sssd -i -f
155734 /usr/lib/sssd/sssd_be --domain LDAP --uid 0 --gid 0 --debug-to-files
155735 /usr/lib/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
155736 /usr/lib/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
155737 /usr/lib/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
May 13 10:12:58 hedcb027 systemd[1]: Starting System Security Services Daemon...
May 13 10:12:58 hedcb027 sssd[155730]: Starting up
May 13 10:12:58 hedcb027 sssd[be[155734]: Starting up
May 13 10:12:58 hedcb027 sssd[155735]: Starting up
May 13 10:12:58 hedcb027 sssd[155737]: Starting up
May 13 10:12:58 hedcb027 sssd[155736]: Starting up
May 13 10:12:59 hedcb027 systemd[1]: Started System Security Services Daemon.

Cause

  • Enabling enumeration has a moderate performance impact on SSSD while enumeration is running. It may take up to several minutes after SSSD startup to fully complete enumerations. During this time, individual requests for information will go directly to LDAP, though it may be slow, due to the heavy enumeration processing. Saving a large number of entries to cache after the enumeration completes might also be CPU intensive as the memberships have to be recomputed.
  • While the first enumeration is running, requests for the complete user or group lists may return no results until it completes.
  • Further, enabling enumeration may increase the time necessary to detect network disconnection, as longer timeouts are required to ensure that enumeration lookups are completed successfully. For more information, refer to the man pages for the specific id_provider in use.
  • For the reasons cited above, enabling enumeration is not recommended, especially in large environments.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000019632
  • Creation Date: 26-May-2020
  • Modified Date:23-Oct-2020
    • SUSE Linux Enterprise Desktop
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.