[Freeipa-users] 'Request is a replay'
Sigbjorn Lie
sigbjorn at nixtra.com
Wed Jul 25 07:09:01 UTC 2012
On Tue, July 24, 2012 20:29, Simo Sorce wrote:
> On Tue, 2012-07-24 at 10:22 +0200, Sigbjorn Lie wrote:
>
>> Hi,
>>
>>
>> I keep seing this error message in our production environment "Request is a replay" in variuos
>> services using kerberos like ssh, sssd, automounter, squid +++ after the upgrade to RHEL 6.3 /
>> IPA
>> 2.2.
>>
>>
>>
>> Jul 24 10:16:11 server027 sssd_be: GSSAPI Error: Unspecified GSS failure. Minor code may
>> provide more information (Request is a replay)
>>
>> Seaching google seem to suggest that this is an error with time. However we have NTP configured
>> (IPA servers as NTP servers) which is synchronized to external NTP servers. There has been no
>> issue before, and I cannot find issue with the time being out of sync on the machines where this
>> is happening.
>
> This error usually appears only when a same request is found in the
> replay cache. It shouldn't be related to time issues, in that case you usually get clock-skew.
>
> Can you tell me what operation was being performed by sssd when you
> caught that error ? Can you check if immediately before another identical operation had been
> performed ?
>
Unfortunately no, I believe I was doing an "ls -l" on a nfs drive where sssd had to look up some
uids, or a "ps -ef" where sssd also had to look up some uids or something related.
I am unable to recreate the error with any specific commands, it's occuring randomly. Mind you,
it's occuring to all kerberos based services, not just sssd.
Rgds,
Siggi
More information about the Freeipa-users
mailing list