[Freeipa-users] Trying to use the CLI logs me out

Mauricio Tavares raubvogel at gmail.com
Fri Feb 21 19:13:36 UTC 2014 

On Fri, Feb 21, 2014 at 2:05 PM, Bret Wortman
<bret.wortman at damascusgrp.com> wrote:
> Bizarre.
>
> # strace -f -o /tmp/out ipa help
>
> Usage: ipa [global-options] COMMAND [command-options]
>
> :
>
> :
>
> :
>
>
> # ipa help
>
> Connection to ipamaster closed.
>
> $
>
      When you logged back in, did /tmp/out have anything interesting?
>
>
>
> On 02/21/2014 01:36 PM, Rob Crittenden wrote:
>>
>> Bret Wortman wrote:
>>>
>>> I'm getting ready to leave for the weekend, and this isn't the kind of
>>> thing I want to track down on a Friday, but if anyone has any ideas for
>>> things I should look at come Monday morning, I'd be very appreciative.
>>>
>>> I've got a system with 12 replicas, and no matter which IPA server I log
>>> into and try to run "ipa" CLI commands on (even "ipa help"), I get my
>>> session terminated. I also tried from a client system that has the
>>> ipatools rpm installed, and in that case I got bounced out of my sudo'd
>>> root session.
>>>
>>> I need to figure this out because something's obviously amiss, and we
>>> have discovered a number of systems that are lacking Kerberos keys. I
>>> was hoping the CLI would provide the mechanism to get them fixed. We're
>>> also trying to track down a 6-10 second delay every time a user logs in
>>> using SSSD to authenticate; the password check passes almost instantly,
>>> but something is taking up an additional bunch of time and my users are
>>> starting to complain. So I need to get past this so I can debug that.
>>>
>>> Thanks, and have a great weekend, all.
>>
>>
>> For the life of me I can't figure out what the ipa command might do that
>> would log you out. I think brute force might be a way to go with this:
>>
>> strace -f o /tmp/out ipa help
>>
>> Then go back in and see what happened.
>>
>> As for login delay you may want to pick a client system and bump up the
>> sssd debug level and see if that provides any clues.
>>
>> rob
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list