<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> I don't know if this will be informative or not, but: <tt># strace -f -o /tmp/out ipa host-find zw129.damascusgrp.com</tt><tt> </tt><tt>--------------</tt><tt> </tt><tt>1 host matched</tt><tt> </tt><tt>--------------</tt><tt> </tt><tt> Host name: zw129.damascusgrp.com</tt><tt> </tt><tt> :</tt><tt> </tt><tt> :</tt><tt> </tt><tt>#</tt> I then found this pattern occurring a number of times within the (17564 line) output file: <tt> </tt><tt>4229 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...></tt><tt> </tt><tt>4237 <... close resumed> ) = 0</tt><tt> </tt><tt>4229 <... mmap resumed> ) = 0x7f936aad2000 4229 read(13, <unfinished ...> 4237 dup2(7, 0) = 0</tt> <tt>4237 dup2(10, 1) = 1 </tt><tt>4237 dup2(12, 2) = 2 4237 close(7) = 0</tt> <tt>4237 close(10) = 0 </tt><tt>4237 close(12) = 0 </tt><tt>4237 close(3) = 0 </tt><tt>4237 close(4) = 0 </tt><tt>4237 close(5) = 0 </tt><tt>4237 close(6) = 0 </tt><tt>4237 close(7) = -1 EBADF (Bad file descriptor) </tt><tt>4237 close(8) = -1 EBADF (Bad file descriptor) </tt><tt>4237 close(9) = -1 EBADF (Bad file descriptor) </tt><tt>4237 close(10) = -1 EBADF (Bad file descriptor) : : Continues for a thousand entries or so, then : </tt><tt>4237 close(1022) = -1 EBADF (Bad file descriptor) </tt><tt>4237 close(1023) = -1 EBADF (Bad file descriptor) 4237 execve("/bin/keyctl", ["keyctl", "padd", "user", <a class="moz-txt-link-rfc2396E" href="mailto:ipa_session_cookie:admin@DAMASCUSGRP.COM">"ipa_session_cookie:admin@DAMASCUSGRP.COM"</a>, "@s"], [/* 27 vars */] <unfinished ...> </tt> Interesting, or just noise? <div class="moz-cite-prefix">On 02/21/2014 02:50 PM, Bret Wortman wrote: </div> <blockquote cite="mid:911FBF07-2E6C-4E79-8D06-E739FBF60425@damascusgrp.com" type="cite"> <pre wrap="">D'oh! I'm blaming Friday. Didn't think to heck. Will try Monday. Bret Wortman <a class="moz-txt-link-freetext" href="http://bretwortman.com/">http://bretwortman.com/</a> <a class="moz-txt-link-freetext" href="http://twitter.com/BretWortman">http://twitter.com/BretWortman</a> </pre> <blockquote type="cite"> <pre wrap="">On Feb 21, 2014, at 2:13 PM, Mauricio Tavares <a class="moz-txt-link-rfc2396E" href="mailto:raubvogel@gmail.com"><raubvogel@gmail.com></a> wrote: On Fri, Feb 21, 2014 at 2:05 PM, Bret Wortman <a class="moz-txt-link-rfc2396E" href="mailto:bret.wortman@damascusgrp.com"><bret.wortman@damascusgrp.com></a> wrote: </pre> <blockquote type="cite"> <pre wrap="">Bizarre. # strace -f -o /tmp/out ipa help Usage: ipa [global-options] COMMAND [command-options] : : : # ipa help Connection to ipamaster closed. $ </pre> </blockquote> <pre wrap=""> When you logged back in, did /tmp/out have anything interesting? </pre> <blockquote type="cite"> <pre wrap=""> </pre> <blockquote type="cite"> <pre wrap="">On 02/21/2014 01:36 PM, Rob Crittenden wrote: Bret Wortman wrote: </pre> <blockquote type="cite"> <pre wrap=""> I'm getting ready to leave for the weekend, and this isn't the kind of thing I want to track down on a Friday, but if anyone has any ideas for things I should look at come Monday morning, I'd be very appreciative. I've got a system with 12 replicas, and no matter which IPA server I log into and try to run "ipa" CLI commands on (even "ipa help"), I get my session terminated. I also tried from a client system that has the ipatools rpm installed, and in that case I got bounced out of my sudo'd root session. I need to figure this out because something's obviously amiss, and we have discovered a number of systems that are lacking Kerberos keys. I was hoping the CLI would provide the mechanism to get them fixed. We're also trying to track down a 6-10 second delay every time a user logs in using SSSD to authenticate; the password check passes almost instantly, but something is taking up an additional bunch of time and my users are starting to complain. So I need to get past this so I can debug that. Thanks, and have a great weekend, all. </pre> </blockquote> <pre wrap=""> For the life of me I can't figure out what the ipa command might do that would log you out. I think brute force might be a way to go with this: strace -f o /tmp/out ipa help Then go back in and see what happened. As for login delay you may want to pick a client system and bump up the sssd debug level and see if that provides any clues. rob </pre> </blockquote> <pre wrap=""> _______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> </pre> </blockquote> <pre wrap=""> _______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> </pre> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> </blockquote> </body> </html>