<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">The /var/log/secure is saying invalid user. When I do a getent passwd $USER I can't get any user from IPA until sssd is restarted. The SSSD logs are completely empty. Below is the sssd.conf if that helps. Also I just had a server that I fixed (by restarting sssd) break again, restarting sssd fixed it again though. sssd.conf [domain/digitalreasoning.com] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = digitalreasoning.com id_provider = ipa auth_provider = ipa access_provider = ipa ldap_tls_cacert = /etc/ipa/ca.crt ipa_hostname = client.digitalreasoning.com chpass_provider = ipa ipa_server = _srv_, server1.digitalreasoning.com dns_discovery_domain = digitalreasoning.com [sssd] services = nss, pam, ssh config_file_version = 2 domains = digitalreasoning.com [nss] [pam] [sudo] [autofs] [ssh] [pac] On 7/7/14, 2:19 PM, Jakub Hrozek wrote: </div> <blockquote cite="mid:20140707181952.GE6840@hendrix.brq.redhat.com" type="cite"> <pre wrap="">On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote: </pre> <blockquote type="cite"> <pre wrap="">Hello All, Some of the services in IPA stopped responding and I restarted the service (as I couldn't login to the website or via ssh to any registered hosts). After the restart I could login to the web app, but still no clients. I currently can login to one client that I restarted sssd on. Any suggestions how to fix the rest without having to go to all of them to restart sssd? </pre> </blockquote> <pre wrap=""> Can you log in as root to the clients and check out /var/log/secure and/or the sssd logs? Do your clients cache credentials? I suspect that when IPA went down, the clients went offline and still haven't re-checked the online status..how long since the IPA server went offline? </pre> </blockquote> <div class="moz-signature"> Thanks, <hr> John Moyer Director, IT Operations </div> </body> </html>