wicked and other systemd services not starting up correctly.

This document (7020915) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 12 Service Pack 2 (SLES 12 SP2)

Situation

The system is configured to use LDAP authentication, and displaying the following errors during start up: 

systemd[1]: Failed to subscribe to activation signal: Connection timed out

dbus-daemon[984]: nss_ldap: failed to bind to LDAP server ldap://server.domain.name:389: Can't contact LDAP server
dbus[984]: [system] Failed to activate service 'org.freedesktop.systemd1': timed out
systemd-logind[1101]: Failed to enable subscription: Connection timed out

Wicked, systemd-logind failed to startup.

Resolution

The solution is to make sure the LDAP server is accessible for authentication.

Alternatively, it is possible to reconfigure the LDAP bind policy using YaST and add  bind_policy soft option to  /etc/ldap.conf

Cause

When the LDAP server can temporarily not be reached during system boot, and a bind policy is not specified, LDAP will default to using a 'hard' policy.

In such default configuration, LDAP will continue to try and open a connection to the LDAP server until it eventually times out and fails.

During this process DBus daemon fails to register many services and in turn leads to logind and systemd being unable to register with the system bus.

Additional Information

From "man nss_ldap"  :

bind_policy <hard_open|hard_init|soft>
   
    Specifies the policy to use for reconnecting to an unavailable LDAP server. The default is hard_open,which reconnects if opening the connection to  the directory server failed. By contrast, hard_initreconnects if initializing the connection failed. Initializing may not actually contact the  directory server, and it is possible that a malformed configuration file will trigger reconnection. If soft is specified, then nss_ldap will return immediately on server failure. All "hard" reconnect policies block with exponential backoff before retrying.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7020915
  • Creation Date: 14-Jun-2017
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center