<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">The /var/log/secure is saying invalid
user. When I do a getent passwd $USER I can't get any user from
IPA until sssd is restarted. The SSSD logs are completely
empty. Below is the sssd.conf if that helps. <br>
<br>
<br>
Also I just had a server that I fixed (by restarting sssd) break
again, restarting sssd fixed it again though. <br>
<br>
<br>
<br>
<br>
sssd.conf<br>
[domain/digitalreasoning.com]<br>
<br>
cache_credentials = True<br>
krb5_store_password_if_offline = True<br>
ipa_domain = digitalreasoning.com<br>
id_provider = ipa<br>
auth_provider = ipa<br>
access_provider = ipa<br>
ldap_tls_cacert = /etc/ipa/ca.crt<br>
ipa_hostname = client.digitalreasoning.com<br>
chpass_provider = ipa<br>
ipa_server = _srv_, server1.digitalreasoning.com<br>
dns_discovery_domain = digitalreasoning.com<br>
[sssd]<br>
services = nss, pam, ssh<br>
config_file_version = 2<br>
<br>
domains = digitalreasoning.com<br>
[nss]<br>
<br>
[pam]<br>
<br>
[sudo]<br>
<br>
[autofs]<br>
<br>
[ssh]<br>
<br>
[pac]<br>
<br>
<br>
On 7/7/14, 2:19 PM, Jakub Hrozek wrote:<br>
</div>
<blockquote cite="mid:20140707181952.GE6840@hendrix.brq.redhat.com"
type="cite">
<pre wrap="">On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello All,
Some of the services in IPA stopped responding and I restarted the
service (as I couldn't login to the website or via ssh to any registered
hosts). After the restart I could login to the web app, but still no
clients. I currently can login to one client that I restarted sssd on.
Any suggestions how to fix the rest without having to go to all of
them to restart sssd?
</pre>
</blockquote>
<pre wrap="">
Can you log in as root to the clients and check out /var/log/secure
and/or the sssd logs?
Do your clients cache credentials?
I suspect that when IPA went down, the clients went offline and still
haven't re-checked the online status..how long since the IPA server went
offline?
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature"><br>
<br>
Thanks,<br>
<hr>
John Moyer<br>
Director, IT Operations<br>
<br>
</div>
</body>
</html>