[Freeipa-users] Trying to use the CLI logs me out
Rob Crittenden
rcritten at redhat.com
Fri Feb 21 18:36:02 UTC 2014
Bret Wortman wrote:
> I'm getting ready to leave for the weekend, and this isn't the kind of
> thing I want to track down on a Friday, but if anyone has any ideas for
> things I should look at come Monday morning, I'd be very appreciative.
>
> I've got a system with 12 replicas, and no matter which IPA server I log
> into and try to run "ipa" CLI commands on (even "ipa help"), I get my
> session terminated. I also tried from a client system that has the
> ipatools rpm installed, and in that case I got bounced out of my sudo'd
> root session.
>
> I need to figure this out because something's obviously amiss, and we
> have discovered a number of systems that are lacking Kerberos keys. I
> was hoping the CLI would provide the mechanism to get them fixed. We're
> also trying to track down a 6-10 second delay every time a user logs in
> using SSSD to authenticate; the password check passes almost instantly,
> but something is taking up an additional bunch of time and my users are
> starting to complain. So I need to get past this so I can debug that.
>
> Thanks, and have a great weekend, all.
For the life of me I can't figure out what the ipa command might do that
would log you out. I think brute force might be a way to go with this:
strace -f o /tmp/out ipa help
Then go back in and see what happened.
As for login delay you may want to pick a client system and bump up the
sssd debug level and see if that provides any clues.
rob
More information about the Freeipa-users
mailing list