[Freeipa-users] Trying to use the CLI logs me out

[Bret Wortman]

Bizarre.

# strace -f -o /tmp/out ipa help

Usage: ipa [global-options] COMMAND [command-options]

:

:

:

# ipa help

Connection to ipamaster closed.

$



On 02/21/2014 01:36 PM, Rob Crittenden wrote:
> Bret Wortman wrote:
>> I'm getting ready to leave for the weekend, and this isn't the kind of
>> thing I want to track down on a Friday, but if anyone has any ideas for
>> things I should look at come Monday morning, I'd be very appreciative.
>>
>> I've got a system with 12 replicas, and no matter which IPA server I log
>> into and try to run "ipa" CLI commands on (even "ipa help"), I get my
>> session terminated. I also tried from a client system that has the
>> ipatools rpm installed, and in that case I got bounced out of my sudo'd
>> root session.
>>
>> I need to figure this out because something's obviously amiss, and we
>> have discovered a number of systems that are lacking Kerberos keys. I
>> was hoping the CLI would provide the mechanism to get them fixed. We're
>> also trying to track down a 6-10 second delay every time a user logs in
>> using SSSD to authenticate; the password check passes almost instantly,
>> but something is taking up an additional bunch of time and my users are
>> starting to complain. So I need to get past this so I can debug that.
>>
>> Thanks, and have a great weekend, all.
>
> For the life of me I can't figure out what the ipa command might do 
> that would log you out. I think brute force might be a way to go with 
> this:
>
> strace -f o /tmp/out ipa help
>
> Then go back in and see what happened.
>
> As for login delay you may want to pick a client system and bump up 
> the sssd debug level and see if that provides any clues.
>
> rob


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140221/da50c158/attachment.p7s>