<html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> </head> <body bgcolor="#FFFFFF" text="#000000"> Hi all, So I have 2 Centos7 hosts, with same sssd and nsswitch configs. One does find the users in IPA, and the other doesn't. Looks like the Data Provider is offline. I sent the SIGUSR2 signal to sssd which is supposed to bring him online. Didn't help. The hosts can resolve the IPA server hostname. SElinux is enforced. Iptables is disabled. here's my sssd.conf [domain/vgt.vito.be] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = vgt.vito.be id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = epoddev8.vgt.vito.be chpass_provider = ipa ipa_server = _srv_, epoddev5.vgt.vito.be ldap_tls_cacert = /etc/ipa/ca.crt debug_level = 7 [sssd] services = nss, sudo, pam, ssh domains = vgt.vito.be [nss] homedir_substring = /home debug_level = 7 [pam] [sudo] [autofs] [ssh] [pac] [ifp] here's the log of sssd_nss.log (Wed Mar 22 16:27:22 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17][SSS_NSS_GETPWNAM] with input [vdbornem]. (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'vdbornem' matched without domain, user is vdbornem (Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [vdbornem] from [<ALL>] (Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [<a class="moz-txt-link-abbreviated" href="mailto:vdbornem@vgt.vito.be">vdbornem@vgt.vito.be</a>] (Wed Mar 22 16:27:22 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values. (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [<a class="moz-txt-link-abbreviated" href="mailto:0x7f7ffd1d1880:1:vdbornem@vgt.vito.be@vgt.vito.be">0x7f7ffd1d1880:1:vdbornem@vgt.vito.be@vgt.vito.be</a>] (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [vgt.vito.be][0x1][BE_REQ_USER][1][<a class="moz-txt-link-abbreviated" href="mailto:name=vdbornem@vgt.vito.be">name=vdbornem@vgt.vito.be</a>:-] (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [<a class="moz-txt-link-abbreviated" href="mailto:0x7f7ffd1d1880:1:vdbornem@vgt.vito.be@vgt.vito.be">0x7f7ffd1d1880:1:vdbornem@vgt.vito.be@vgt.vito.be</a>] (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline] (Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 5, Failed to get reply from Data Provider Will try to return what we have in cache (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [<a class="moz-txt-link-abbreviated" href="mailto:0x7f7ffd1d1880:1:vdbornem@vgt.vito.be@vgt.vito.be">0x7f7ffd1d1880:1:vdbornem@vgt.vito.be@vgt.vito.be</a>] (Wed Mar 22 16:27:22 2017) [sssd[nss]] [client_recv] (0x0200): Client disconnected! Any ideas appreciated. Thank you, Cheers, m. <div class="moz-signature"> -- Michaël Van de Borne Free Bird Computing SPRL - Gérant 104 rue d'Azebois, 6230 Thiméon Tel: +32(0)472 695716 Skype: mikemowgli TVA: BE0637.834.386 <a href="https://www.linkedin.com/in/micha%C3%ABl-van-de-borne-56409167">Linkedin profile</a> </div> </body> </html>