LDAP users no longer have home folders

[bobpaul]

Since updating from FreeNAS-9.3-STABLE-201504152200 to FreeNAS-9.3-STABLE-201509282017 our LDAP users no longer have home folders.

Example (note the empty field before the shell):
$ getent passwd
user.one:*:10028:513:System User::/bin/sh
user.two:*:10039:513:System User::/bin/sh

This has broken samba home shares as well as user ssh. I haven't gotten a chance to revert back to FreeNAS-9.3-STABLE-201504152200, but all of our servers were rebooted during the FreeNAS upgrade and the other systems fill correct path.

I found https://bugs.freenas.org/issues/7035 which looks like it might be related, but I don't even see a
/usr/local/etc/sssd/sssd.conf on my system.

 

[dlavigne]

Since updating from FreeNAS-9.3-STABLE-201504152200 to FreeNAS-9.3-STABLE-201504152200

Just to verify, was that a bad paste on the before and after versions? If so, which version are you on now?

 

[bobpaul]

Whoops, yes. We're on FreeNAS-9.3-STABLE-201509282017 now. Looking at the generate_sssd_conf.py it looks like we don't have an sssd.conf because we have our LDAP set for anonymous binding. When I uncheck anonymous binding then 'service ix-sssd start' works but 'service sssd start' fails with

Code:

# service sssd start
Starting sssd.
Shared object "libnss3.so.1" not found, required by "sssd"
/usr/local/etc/rc.d/sssd: WARNING: failed to startsssd

On our replication server we have the same issue (no home folders) if we use anonymous bind, but I just tried turning off anonymous bind and the replication server (also FreeNAS-9.3-STABLE-201509282017) works fine; sssd starts and home folders are populated.

libnss3.so.1 exists on both systems and has the same SHA256

Code:

# sha256 /usr/local/lib/nss/libnss3.so.1
SHA256 (/usr/local/lib/nss/libnss3.so.1) = c04b8d1dbbb34426b0bd9fa366183a4e81316a527e8d08625eabdb6beb81fe9d

I rolled back our primary server to FreeNAS-9.3-STABLE-201504152200 so and users are able to access their CIFS home shares and ssh again; it does work after rollback. I plan to delete the FreeNAS-9.3-STABLE-201509282017 boot environment and attempt the upgrade again this weekend unless someone has a better idea. I don't understand why sssd can't find libnss3.so.1 when it's in the same spot as the server that's working.

But it looks like there's a bug in anonymous bind which prevents home folders from populating and something seems to have gone wrong during the upgrade which is preventing sssd from starting on one of the servers.

 

[dlavigne]

Sounds like a bug. Please create a report at bugs.freenas.org and post the issue number here.

 

[bobpaul]

Anonymous Binding Bug: https://bugs.freenas.org/issues/11833

I'll report the sssd failing to start issue later. I'd like to investigate it a bit more, first, since it's only happening on the one server.