[Bug 260628] FreeBSD 12.3-Release got stuck during the boot process after the update (maybe nsswitch issue?)

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260628

            Bug ID: 260628
           Summary: FreeBSD 12.3-Release got stuck during the boot process
                    after the update (maybe nsswitch issue?)
           Product: Base System
           Version: 12.3-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: osho@pcc-software.org

What is the issues?
1. FreeBSD 12.3R got stuck during the boot.
2. password database seems not be referred after I made password database to
skip reading compat.

What is the expected behavior?
1. FreeBSD 12.3R should boot without getting stuck even if ldap is configured.
2. when I type a user's password, FreeBSD should recognize it and allow the
user to login.  When I made the user's password blank, FreeBSD should allow
them to login without typing password. That should also be true for root.

What happened?
1. I used freebsd-update to update from 12.2-Release to 12.3-Release. I typed
following commands to upgrade.
# freebsd-update -r 12.3-RELEASE upgrade
(typed 'y' twice because the shown message looked reasonable)
# freebsd-update install
As mentioned, I have rebooted the computer.
# reboot

FreeBSD booted with 12.3R kernel.
To make all packages use the latest library, I force upgraded packages.
# portmaster -a -f
Then, I typed freebsd-update again to finalize the install.
# freebsd-update install
# reboot

During the reboot, it got stuck on booting after starting devd. Since it did
not respond about 10 minutes, I hit power button.  The computer seems to
understand power button and started the shutdown procedure.  I felt ACPI
working well.

I booted the computer and in the first count-down menu, I typed 's' to make it
go into the single user mode.  I could go into the single user mode shell
eventually.
I saw the message saying:
2021-12-22T17:13:00.321721+09:00 init 28 - - NSSWITCH(_nsdispatch): ldap,
passwd_compat, endpwent, not found, and no fallback provided.

I supposed something wrong with nsswitch. I typed following command to mount
all with writable.
# mount -u -a
However, as far as I checked with mount / seems to be read-only. I explicitly
asked it to mount '/' with writable.
# mount -u /

Since I supposed boot process got stuck for fails to access LDAP, I removed
+::: in password and groups.
# vipw
# vi /etc/group

Then, I exited and made it goes into multi-user mode.  During RC execution, I
saw several suspicious messages like:
/etc/mail/submit.cf: 441: readcf: option RunAsUser: unknown user smmsp
(snip)
Mail submission program must have RunAsUser set to non root user
/etc/rc: WARNING: failed to start sendmail_msp_queue
(snip)
Performing sanity check on sshd configuration.
Privilege separation user sshd does not exist
/etc/rc: WARNING: failed precmd routine for sshd
(snip)
Starting jails: jail: <jname>: unknown uid 0
(snip)

I felt password database cannot be read on 12.3R.  Moreover, nsswitch might
have some issues with 12.3R.

I gave up on updating and chose to rollback. i.e. reboot with single user mode,
mount / with writable and executed the following command.
# freebsd-update rollback
Here, rollback got stuck (no progress for 30 minutes) but I decided to reboot
anyway. The system booted and I typed the command again to rollback and reboot.
It seems to work well.

Anything special for your config?
The machine use ldap for extra password and group.  It has a ldap server inside
a jail running on the same machine, and to avoid getting stuck on reading ldaps
during the boot, it does not refer ldap for groups.

However, the issue continued after I removed +:::... lines in password, it
might not be related.

-- 
You are receiving this mail because:
You are the assignee for the bug.