-
Bug
-
Resolution: Won't Do
-
Normal
-
None
-
rhel-9.3.0
-
None
-
Moderate
-
rhel-systemd
-
ssg_core_services
-
5
-
False
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
None
-
None
-
Unspecified
-
None
What were you trying to do that didn't work?
The server is domain joined via winbind (not sssd). There is a domain user with linger enabled that has a service which needs to run at boot. However we get an error at boot and the service does not start:
sudo journalctl -b | grep linger Mar 20 13:22:31 encoder systemd-logind[1095]: Couldn't add lingering user JA\\encoder, ignoring: No such process
However once the user logs in, the service starts and works fine. From the logs it looks like winbind starts shortly after this error message is generated. I have other systems that are joined using SSSD and have user systemd units, these work fine. I assume the core issue here is that when logind starts it cannot look up the uid since winbind hasn't started yet.
$ loginctl user-status JA\\encoder
JA\encoder (2003494)
Since: Wed 2024-03-20 13:22:31 CDT; 1h 14min ago
State: lingering
Linger: yes
Unit: user-2003494.slice
└─user@2003494.service
├─app.slice
│ └─pdf-hotfolder.service
│ ├─ 1668 bash /home/encoder@JA/PDFRasterizer/poll.sh
│ └─225862 sleep .5
└─init.scope
├─1491 /usr/lib/systemd/systemd --user
└─1603 "(sd-pam)"
$ getent passwd JA\\encoder JA\encoder:*:2003494:2000513:JA\encoder:/home/encoder@JA:/bin/bash
I also tried adding the above passwd entry directly into /etc/passwd as an attempt to bypass this issue. However this did not resolve the issue on it's own.
I then added a second file here:
$ ls -l /var/lib/systemd/linger/ total 0 -rw-r--r--. 1 root root 0 Mar 20 13:15 'JA\\encoder' -rw-r--r--. 1 root root 0 Mar 20 13:10 'JA\encoder'
Oddly, this worked. I tried all combinations of having only one of the two files here, with and without an explicit passwd entry, nothing seems to work except for this combination of having both JA
encoder and JA\encoder in linger, and the passwd entry.
loginctl enable-linger adds the one with the single slash.
----- smb.conf for reference
[global] log level = 3 security = ads kerberos method = secrets and keytab idmap config JA : range = 2000000-2999999 idmap config JA : backend = rid idmap config * : range = 10000-999999 idmap config * : backend = tdb winbind use default domain = no winbind refresh tickets = yes winbind offline logon = yes winbind enum groups = no winbind enum users = no template homedir = /home/%U@%D template shell = /bin/bash server min protocol = SMB2_02 server multi channel support = no disable netbios = yes restrict anonymous = 2 kernel change notify = yes obey pam restrictions = no dos filemode = yes vfs objects = acl_xattr streams_xattr #store dos attributes = yes nt acl support = no realm = JA.LOCAL workgroup = JA [pdf_fileserver] path = /srv/pdf_fileserver read only = no create mask = 660 directory mask = 770
