0

we have many ubuntu servers that are joined to active directory using sssd. However, domain users are unable to login when the root partition reaches full capacity.

After some research I found the following thread: https://bugzilla.redhat.com/show_bug.cgi?id=849538 which suggested to solve the issue (or rather avoid it) by placing /var/lib/sss on a separate partition and that is exactly what I did. (supposedly there must be room left in /var/lib/sss directory for logins to succeed)

I was very disappointed to discover that this solution is proven false. my root partition reached full capacity, while /var/lib/sss still has plenty of room. domain users are still unable to connect.

any suggestions?

(obviously making sure the root partition doesn't get full is the ideal solution, but sadly we do not live in an ideal world..)

GKman
  • 405
  • 1
  • 6
  • 15
  • 1
    Check sssd's logs and raise the debugging level if necessary, to find out more clues to the actual problem. – Michael Hampton Jun 23 '20 at 13:25
  • 1
    Filling up the root partition could lead to a number of really nasty surprises. Preventing the root partition (or any system partition for that matter) from filling up is not an "ideal solution", it is a necessity. You are trying to solve the symptom, not the problem. – Lacek Jun 24 '20 at 08:35

1 Answers1

0

In my environment /var is a separate filesystem. I think you can try separate /var instead of /var/lib/sss. Because when users login some logs writing in /var/log/. I think best practise not only separate /var, you must separate /usr, /tmp, /opt, / and /home. You can do this with LVM.

Burak Talha Bolat
  • 125
  • 1
  • 6
  • Personally I think separating all these directories are a bit of an overkill and wastes quite a bit of space. Regardless, I am hoping to find the root cause of the failure and form a solution around that (even if it does end up being to separate /var into another partition) – GKman Jun 23 '20 at 13:10