You are not logged in.

#1 2018-12-31 10:31:23

Harey
Member
From: Bavaria, Germany
Registered: 2007-03-24
Posts: 328

systemd 240.0 fails with NIS user login

systemd 240.0-1 is not able to login with NIS provided users while 239.370-1 is. On my network machines user logins are provided via NIS and this has been working like a charm until the update to systemd 240.0-1 landed in testing. Now I get the following warning in journald's output when trying to log into kde via sddm:

Starting User Manager for UID 1000...
user@1000.service: Failed to determine user credentials: Invalid argument
user@1000.service: Failed at step USER spawning /usr/lib/systemd/systemd: Invalid argument
user@1000.service: Failed with result 'protocol'.
Failed to start User Manager for UID 1000.

Starting the DE fails and shows only the requester 'cannot sync to dbus environment'.

Downgrading to systemd 239.370-1 via

pacman -U libsystemd-239.370-1-x86_64.pkg.tar.xz systemd-239.370-1-x86_64.pkg.tar.xz systemd-sysvcompat-239.370-1-x86_64.pkg.tar.xz

solves the issue and the logins work again.

Hmm, could this be another incarnation of https://bugs.archlinux.org/task/61177?s … &closedto= ?

Last edited by Harey (2018-12-31 10:43:44)


Linux is like a wigwam: No Gates, no Windows and an Apache inside

Offline

#2 2018-12-31 20:52:20

loqs
Member
Registered: 2014-03-06
Posts: 9,291

Re: systemd 240.0 fails with NIS user login

Build systemd with 2b2b7228bffef626fe8e9f131095995f3d50ee3b reverted and see if that is the cause?

Offline

#3 2019-01-05 08:07:04

Harey
Member
From: Bavaria, Germany
Registered: 2007-03-24
Posts: 328

Re: systemd 240.0 fails with NIS user login

Still valid for systemd 240.0-2. Okay, so it is a different one. Downgrade to systemd 239.370-1 fixed it (again). Looks like I have to file my own bug report...

Last edited by Harey (2019-01-05 08:15:47)


Linux is like a wigwam: No Gates, no Windows and an Apache inside

Offline

#4 2019-01-06 16:32:16

loqs
Member
Registered: 2014-03-06
Posts: 9,291

Re: systemd 240.0 fails with NIS user login

As you need an explanation of how to bisect systemd.
The following assumes the base-devel group is installed and I recommend enabling Makepkg#Parallel_compilation to reduce build times

$ git clone git://git.archlinux.org/svntogit/packages.git --single-branch --branch "packages/systemd"
$ cp -r packages/trunk systemd
$ rm -rf packages
$ makepkg -rsi #this is to confirm systemd as built on your system has the issue

$ cd systemd/src/systemd-stable
$ git bisect start
$ git bisect bad
$ git checkout v239
$ git apply ../../0001-Use-Arch-Linux-device-access-groups.patch
$ rm -rf build
$ cd ../..
$ makepkg -ersi #this is to confirm systemd 239 as built on your system does not have the issue

$ cd systemd/src/systemd-stable
$ git reset --hard
$ git bisect good
$ rm -rf build
$ cd ../..
$ makepkg -ersi #test the bisection point

$ cd systemd/src/systemd
$ git reset --hard
$ git bisect $result #substitute good or bad here
$ git apply ../../0001-Use-Arch-Linux-device-access-groups.patch
$ rm -rf build
$ cd ../..
$ makepkg -ersi #repeat these seven lines and test the generated package until git has found the bad commit

Last edited by loqs (2019-01-06 16:33:29)

Offline

#5 2019-01-06 20:03:25

Harey
Member
From: Bavaria, Germany
Registered: 2007-03-24
Posts: 328

Re: systemd 240.0 fails with NIS user login

I am on a short holiday for the next days but I will see if what I can do after that. Thank you for the explanantion. This is something that I have never done before. Sounds like fun wink


Linux is like a wigwam: No Gates, no Windows and an Apache inside

Offline

#6 2019-01-21 16:34:34

Harey
Member
From: Bavaria, Germany
Registered: 2007-03-24
Posts: 328

Re: systemd 240.0 fails with NIS user login

@loqs: Ok, so I had a look at what you and Dave Reisner in the bug report are suggesting to do.
Dave provided a diff between 239 and 240 that looks like this:

Showing 1,975 changed files with 100,403 additions and 46,728 deletions

I am not the one to give up early but this is far out of my scope. I changed all machines back to local login for now.
FWIW: still a valid bug for systemd 240.34-3


Linux is like a wigwam: No Gates, no Windows and an Apache inside

Offline

#7 2019-01-23 09:43:39

Maoro
Member
Registered: 2019-01-23
Posts: 1

Re: systemd 240.0 fails with NIS user login

I am experiencing the exact same issue as Harey.

As suggested by loqs, I bisected systemd and found that the commit  a8b627aaed409a15260c25988970c795bf963812 is to blame.

The documentation of this commit states the following:

The fs.nr_open and fs.file-max sysctls are now automatically bumped
to the highest possible values, as separate accounting of file
descriptors is no longer necessary, as memcg tracks them correctly as
part of the memory accounting anyway. Thus, from the four limits on
file descriptors currently enforced (fs.file-max, fs.nr_open,
RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
and keep only the latter two. A set of build-time options
(-Dbump-proc-sys-fs-file-max=no and -Dbump-proc-sys-fs-nr-open=no)
has been added to revert this change in behaviour, which might be
an option for systems that turn off memcg in the kernel.

I can confirm that disabling it with the mentioned build-time options fixes the issue in v240.34-3.

Offline

#8 2019-01-23 10:34:32

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 547
Website

Re: systemd 240.0 fails with NIS user login

Just as a side-note and possible alternative:
Since Arch removed the NIS stuff from the official repositories and most recommendations to setup centralized user management nowadays suggest LDAP, I migrated the infrastructure I maintain on a club house from NIS to OpenLDAP.
It took me a good while to work my way into it, but it certainly was worth the effort.

Offline

#9 2019-01-23 11:17:33

Harey
Member
From: Bavaria, Germany
Registered: 2007-03-24
Posts: 328

Re: systemd 240.0 fails with NIS user login

Maoro wrote:

I am experiencing the exact same issue as Harey.

As suggested by loqs, I bisected systemd and found that the commit  a8b627aaed409a15260c25988970c795bf963812 is to blame.
I can confirm that disabling it with the mentioned build-time options fixes the issue in v240.34-3.

I am so glad someone has sorted this out. Thank you so much! Would you mind posting your findings in the bug report here:
https://bugs.archlinux.org/task/61280

Greetings
Harvey


Linux is like a wigwam: No Gates, no Windows and an Apache inside

Offline

#10 2019-01-23 11:30:14

Harey
Member
From: Bavaria, Germany
Registered: 2007-03-24
Posts: 328

Re: systemd 240.0 fails with NIS user login

schard wrote:

Just as a side-note and possible alternative:
Since Arch removed the NIS stuff from the official repositories and most recommendations to setup centralized user management nowadays suggest LDAP, I migrated the infrastructure I maintain on a club house from NIS to OpenLDAP.
It took me a good while to work my way into it, but it certainly was worth the effort.

Yes, you are certainly rigt, especially if you read Lennart Poettering's thoughts about NIS... I was trying hard on migrating our setup to openldap but I couldn't get it to work on the short end. The Arch wiki has some articles but the solution proposed there was not working for me. I stopped then because I did not know if it was misconfiguration on my side or simply the same bug as for YP. Does it work for you with an up-to-date archlinux installation on both server and client side? I really would like to sort this one out. Would you by chance mind sharing your config files or some hints?

Greetings
Harvey


Linux is like a wigwam: No Gates, no Windows and an Apache inside

Offline

#11 2019-01-23 11:45:08

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 547
Website

Re: systemd 240.0 fails with NIS user login

Harey wrote:

The Arch wiki has some articles but the solution proposed there was not working for me. I stopped then because I did not know if it was misconfiguration on my side or simply the same bug as for YP.

I had the same issues when I attempted the migration the first time and did the same (gave up and continued using NIS).
But at some point during a long weekend last summer, I finally decided to work myself through it.

Harey wrote:

Does it work for you with an up-to-date archlinux installation on both server and client side? I really would like to sort this one out. Would you by chance mind sharing your config files or some hints?

Yes. That's exactly my setup. If I find the time over the weekend, I will write short blog entry on my website about the quirks I encountered and maybe will update the Wiki accordingly.

Last edited by schard (2019-01-23 11:46:00)

Offline

#12 2019-01-23 11:58:38

Harey
Member
From: Bavaria, Germany
Registered: 2007-03-24
Posts: 328

Re: systemd 240.0 fails with NIS user login

schard wrote:

I will write short blog entry on my website about the quirks I encountered and maybe will update the Wiki accordingly.

I would really appreciate that very very much. Maybe you give a small wink when you are done?


Linux is like a wigwam: No Gates, no Windows and an Apache inside

Offline

#13 2019-01-24 14:54:58

loqs
Member
Registered: 2014-03-06
Posts: 9,291

Re: systemd 240.0 fails with NIS user login

Does setting LimitNOFILE=16384 in systemd-logind.service allow NIS to function?

Offline

#14 2019-01-24 17:19:59

Harey
Member
From: Bavaria, Germany
Registered: 2007-03-24
Posts: 328

Re: systemd 240.0 fails with NIS user login

loqs wrote:

Does setting LimitNOFILE=16384 in systemd-logind.service allow NIS to function?

Nope. Same behavior. sad

Jan 24 18:14:10 schoenfix sddm-helper[529]: pam_unix(sddm:session): session opened for user ditmar by (uid=0)
Jan 24 18:14:10 schoenfix systemd[1]: Created slice User Slice of UID 1002.
Jan 24 18:14:10 schoenfix systemd[1]: Starting User Runtime Directory /run/user/1002...
Jan 24 18:14:10 schoenfix systemd-logind[384]: New session 4 of user ditmar.
Jan 24 18:14:10 schoenfix systemd[1]: Started User Runtime Directory /run/user/1002.
Jan 24 18:14:10 schoenfix audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@1002 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 24 18:14:10 schoenfix kernel: audit: type=1130 audit(1548350050.987:44): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@1002 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 24 18:14:10 schoenfix systemd[1]: Starting User Manager for UID 1002...
Jan 24 18:14:11 schoenfix systemd[588]: user@1002.service: Failed to determine user credentials: Invalid argument
Jan 24 18:14:11 schoenfix systemd[588]: user@1002.service: Failed at step USER spawning /usr/lib/systemd/systemd: Invalid argument
Jan 24 18:14:11 schoenfix systemd[1]: user@1002.service: Failed with result 'protocol'.
Jan 24 18:14:11 schoenfix systemd[1]: Failed to start User Manager for UID 1002.
Jan 24 18:14:11 schoenfix audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@1002 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jan 24 18:14:11 schoenfix kernel: audit: type=1130 audit(1548350051.007:45): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@1002 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jan 24 18:14:11 schoenfix systemd[1]: Started Session 4 of user ditmar.
Jan 24 18:14:11 schoenfix sddm-helper[529]: Starting: "/usr/share/sddm/scripts/Xsession \"/usr/bin/startkde\""
Jan 24 18:14:11 schoenfix sddm-helper[589]: Adding cookie to "/home/ditmar/.Xauthority"
Jan 24 18:14:11 schoenfix sddm[446]: Session started

sddm falls back to the login screen and a big requester from Xorg comes up: 'Could not sync environment to dbus'

Last edited by Harey (2019-01-24 17:28:14)


Linux is like a wigwam: No Gates, no Windows and an Apache inside

Offline

Board footer

Powered by FluxBB