By default the following errors are reported by sssd: [sssd] [main] (0x0070): Misconfiguration found for the nss responder. The nss responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the nss's socket by calling: "systemctl disable sssd-nss.socket" This is caused, by a dedicated systemd socket while listing the units as services in the sssd.conf: ● sssd-nss.socket loaded failed failed SSSD NSS Service responder socket ● sssd-pam-priv.socket loaded failed failed SSSD PAM Service responder private socket services = nss, pam As far as known, this is not causing any technical issues, but could be fixed in the future.
Output of journalctl after `systemctl restart sssd`: === Mär 31 15:27:18 primary20 systemd[1]: Started sssd.service - System Security Services Daemon. Mär 31 15:27:18 primary20 systemd[1]: Starting sssd-nss.socket - SSSD NSS Service responder socket... Mär 31 15:27:18 primary20 systemd[1]: Starting sssd-pam-priv.socket - SSSD PAM Service responder private socket... Mär 31 15:27:18 primary20 sssd_check_socket_activated_responders[8823]: [sssd] [main] (0x0070): Misconfiguration found for the pam responder. Mär 31 15:27:18 primary20 sssd_check_socket_activated_responders[8823]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/> Mär 31 15:27:18 primary20 sssd_check_socket_activated_responders[8823]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by callin> Mär 31 15:27:18 primary20 sssd_check_socket_activated_responders[8823]: "systemctl disable sssd-pam.socket" Mär 31 15:27:18 primary20 systemd[1]: sssd-pam-priv.socket: Control process exited, code=exited, status=17/n/a Mär 31 15:27:18 primary20 systemd[1]: sssd-pam-priv.socket: Failed with result 'exit-code'. Mär 31 15:27:18 primary20 systemd[1]: Failed to listen on sssd-pam-priv.socket - SSSD PAM Service responder private socket. Mär 31 15:27:18 primary20 systemd[1]: Dependency failed for sssd-pam.socket - SSSD PAM Service responder socket. Mär 31 15:27:18 primary20 systemd[1]: sssd-pam.socket: Job sssd-pam.socket/start failed with result 'dependency'. Mär 31 15:27:18 primary20 sssd_check_socket_activated_responders[8822]: [sssd] [main] (0x0070): Misconfiguration found for the nss responder. Mär 31 15:27:18 primary20 sssd_check_socket_activated_responders[8822]: The nss responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/> Mär 31 15:27:18 primary20 sssd_check_socket_activated_responders[8822]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the nss's socket by callin> Mär 31 15:27:18 primary20 systemd[1]: sssd-nss.socket: Control process exited, code=exited, status=17/n/a Mär 31 15:27:18 primary20 sssd_check_socket_activated_responders[8822]: "systemctl disable sssd-nss.socket" Mär 31 15:27:18 primary20 systemd[1]: sssd-nss.socket: Failed with result 'exit-code'. Mär 31 15:27:18 primary20 systemd[1]: Failed to listen on sssd-nss.socket - SSSD NSS Service responder socket. Mär 31 15:27:18 primary20 systemd[1]: Starting sssd-autofs.socket - SSSD AutoFS Service responder socket... Mär 31 15:27:18 primary20 systemd[1]: Starting sssd-pac.socket - SSSD PAC Service responder socket... Mär 31 15:27:18 primary20 systemd[1]: Starting sssd-ssh.socket - SSSD SSH Service responder socket... Mär 31 15:27:18 primary20 systemd[1]: Starting sssd-sudo.socket - SSSD Sudo Service responder socket... Mär 31 15:27:18 primary20 systemd[1]: Listening on sssd-ssh.socket - SSSD SSH Service responder socket. Mär 31 15:27:18 primary20 systemd[1]: Listening on sssd-pac.socket - SSSD PAC Service responder socket. Mär 31 15:27:18 primary20 systemd[1]: Listening on sssd-autofs.socket - SSSD AutoFS Service responder socket. Mär 31 15:27:18 primary20 systemd[1]: Listening on sssd-sudo.socket - SSSD Sudo Service responder socket. ===
The package `sssd-common` ships all these funky .service units. https://docs.pagure.org/sssd.sssd/design_pages/systemd_activatable_responders.html If possible I'd rather disable those, because we only want/need pam & nss, but those we want to have as reliable and low latency as possible.
An other customer reported that. And the faulty status popped up in their own monitoring showing dead services.
Workaround for this bug: systemctl disable sssd-nss.socket sssd-pam.socket sssd-pam-priv.socket systemctl mask sssd-nss.socket sssd-pam.socket sssd-pam-priv.socket systemctl restart sssd.service systemctl reset-failed systemctl --failed UNIT LOAD ACTIVE SUB DESCRIPTION 0 loaded units listed.