Categories
SysOps

How to check System Security Services Daemon configuration

Check System Security Services Daemon configuration.

Use sssctl utility from sssd-tools package to inspect sssd configuration.

$ sudo sssctl config-check
Issues identified by validators: 0

Messages generated during configuration merging: 0

Used configuration snippet files: 0

Exit code will indicate success.

$ echo $?
0

Sample issue with option in wrong section.

[sssd]
domains = example.org
config_file_version = 2
services = nss, pam
sudo_provider = none

[...]
$ sudo sssctl config-check
Issues identified by validators: 1
[rule/allowed_sssd_options]: Attribute 'sudo_provider' is not allowed in section 'sssd'. Check for typos.

Messages generated during configuration merging: 0

Used configuration snippet files: 0

Sample issue with comments.

[sssd]
domains = example.org
config_file_version = 2
services = nss, pam
debug_level = 10 
              # debug_level: max

[...]
$ sudo sssctl config-check
(2021-09-22 22:49:04:997222): [sssd] [sss_ini_parse] (0x0010): Failed to parse configuration. Error 5.
(2021-09-22 22:49:04:997308): [sssd] [sss_ini_parse] (0x0010): Errors detected while parsing: /etc/sssd/sssd.conf
(2021-09-22 22:49:04:997328): [sssd] [sss_ini_config_print_errors] (0x0010): Error (5) on line 7: Equal sign is missing.
(2021-09-22 22:49:04:997347): [sssd] [sss_ini_read_sssd_conf] (0x0010): Failed to parse configuration.
Failed to load configuration from /etc/sssd/sssd.conf.

Exit code will indicate failure.

$ echo $?
1