[Freeipa-users] Trying to use the CLI logs me out
Bret Wortman
bret.wortman at damascusgrp.com
Tue Feb 25 18:10:40 UTC 2014
I don't know if this will be informative or not, but:
# strace -f -o /tmp/out ipa host-find zw129.damascusgrp.com
--------------
1 host matched
--------------
Host name: zw129.damascusgrp.com
:
:
#
I then found this pattern occurring a number of times within the (17564
line) output file:
4229 mmap(NULL, 1052672, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
4237 <... close resumed> ) = 0
4229 <... mmap resumed> ) = 0x7f936aad2000
4229 read(13, <unfinished ...>
4237 dup2(7, 0) = 0
4237 dup2(10, 1) = 1
4237 dup2(12, 2) = 2
4237 close(7) = 0
4237 close(10) = 0
4237 close(12) = 0
4237 close(3) = 0
4237 close(4) = 0
4237 close(5) = 0
4237 close(6) = 0
4237 close(7) = -1 EBADF (Bad file descriptor)
4237 close(8) = -1 EBADF (Bad file descriptor)
4237 close(9) = -1 EBADF (Bad file descriptor)
4237 close(10) = -1 EBADF (Bad file descriptor)
:
: Continues for a thousand entries or so, then
:
4237 close(1022) = -1 EBADF (Bad file descriptor)
4237 close(1023) = -1 EBADF (Bad file descriptor)
4237 execve("/bin/keyctl", ["keyctl", "padd", "user",
"ipa_session_cookie:admin at DAMASCUSGRP.COM", "@s"], [/* 27 vars */]
<unfinished ...>
Interesting, or just noise?
On 02/21/2014 02:50 PM, Bret Wortman wrote:
> D'oh! I'm blaming Friday. Didn't think to check. Will try Monday.
>
>
> Bret Wortman
> http://bretwortman.com/
> http://twitter.com/BretWortman
>
>> On Feb 21, 2014, at 2:13 PM, Mauricio Tavares <raubvogel at gmail.com> wrote:
>>
>> On Fri, Feb 21, 2014 at 2:05 PM, Bret Wortman
>> <bret.wortman at damascusgrp.com> wrote:
>>> Bizarre.
>>>
>>> # strace -f -o /tmp/out ipa help
>>>
>>> Usage: ipa [global-options] COMMAND [command-options]
>>>
>>> :
>>>
>>> :
>>>
>>> :
>>>
>>>
>>> # ipa help
>>>
>>> Connection to ipamaster closed.
>>>
>>> $
>> When you logged back in, did /tmp/out have anything interesting?
>>>
>>>
>>>> On 02/21/2014 01:36 PM, Rob Crittenden wrote:
>>>>
>>>> Bret Wortman wrote:
>>>>> I'm getting ready to leave for the weekend, and this isn't the kind of
>>>>> thing I want to track down on a Friday, but if anyone has any ideas for
>>>>> things I should look at come Monday morning, I'd be very appreciative.
>>>>>
>>>>> I've got a system with 12 replicas, and no matter which IPA server I log
>>>>> into and try to run "ipa" CLI commands on (even "ipa help"), I get my
>>>>> session terminated. I also tried from a client system that has the
>>>>> ipatools rpm installed, and in that case I got bounced out of my sudo'd
>>>>> root session.
>>>>>
>>>>> I need to figure this out because something's obviously amiss, and we
>>>>> have discovered a number of systems that are lacking Kerberos keys. I
>>>>> was hoping the CLI would provide the mechanism to get them fixed. We're
>>>>> also trying to track down a 6-10 second delay every time a user logs in
>>>>> using SSSD to authenticate; the password check passes almost instantly,
>>>>> but something is taking up an additional bunch of time and my users are
>>>>> starting to complain. So I need to get past this so I can debug that.
>>>>>
>>>>> Thanks, and have a great weekend, all.
>>>>
>>>> For the life of me I can't figure out what the ipa command might do that
>>>> would log you out. I think brute force might be a way to go with this:
>>>>
>>>> strace -f -o /tmp/out ipa help
>>>>
>>>> Then go back in and see what happened.
>>>>
>>>> As for login delay you may want to pick a client system and bump up the
>>>> sssd debug level and see if that provides any clues.
>>>>
>>>> rob
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
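An added example, not part of the original message or of FreeIPA: a small Python triage of `strace -f -o` output that collapses the `close() = -1 EBADF` sweep quoted above (typical of a forked child closing inherited descriptors before exec) into a per-PID count and surfaces the `execve` calls, exits and signals the sweep buries. The sample lines are constructed: the principal is a placeholder, and the exit and SIGCHLD lines are assumed, not taken from the poster's trace.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `strace -f -o FILE` (PID, then syscall).
SAMPLE = """\
4237 dup2(7, 0) = 0
4237 dup2(10, 1) = 1
4237 dup2(12, 2) = 2
4237 close(3) = 0
4237 close(7) = -1 EBADF (Bad file descriptor)
4237 close(8) = -1 EBADF (Bad file descriptor)
4237 close(1023) = -1 EBADF (Bad file descriptor)
4237 execve("/bin/keyctl", ["keyctl", "padd", "user", "ipa_session_cookie:PRINCIPAL", "@s"], [/* 27 vars */] <unfinished ...>
4229 read(13, <unfinished ...>
4237 +++ exited with 0 +++
4229 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4237} ---
"""

LINE = re.compile(r"^(\d+)\s+(.*)$")
EBADF_CLOSE = re.compile(r"^close\(\d+\)\s+= -1 EBADF")
EXECVE = re.compile(r'^execve\("([^"]+)", \[(.*?)\]')
# "+++ exited with N +++" / "+++ killed by SIG +++" and "--- SIGNAME {...} ---"
EVENT = re.compile(r"^(?:\+\+\+ (.*) \+\+\+|--- (\S+) .*---)$")


def triage(text):
    """Per PID: count of EBADF closes, execve calls (path, argv), exit/signal events."""
    out = defaultdict(lambda: {"ebadf_closes": 0, "execs": [], "events": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, rest = int(m.group(1)), m.group(2)
        if EBADF_CLOSE.match(rest):
            out[pid]["ebadf_closes"] += 1          # fd-sweep noise, counted only
        elif (e := EXECVE.match(rest)):
            argv = re.findall(r'"((?:[^"\\]|\\.)*)"', e.group(2))
            out[pid]["execs"].append((e.group(1), argv))
        elif (v := EVENT.match(rest)):
            out[pid]["events"].append(v.group(1) or v.group(2))
    return dict(out)


if __name__ == "__main__":
    for pid, info in sorted(triage(SAMPLE).items()):
        print(pid, info)
```

When chasing an unexpected logout, the `events` entries for the shell's own PID or its parent (for example a `killed by` line or a SIGHUP) are the ones to read first.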