[Freeipa-users] IPA Service Restart causes clients to stop working

Jakub Hrozek jhrozek at redhat.com
Mon Jul 7 20:28:41 UTC 2014


On Mon, Jul 07, 2014 at 04:09:24PM -0300, Bruno Henrique Barbosa wrote:
> I can confirm this, I usually run through this after a power outage on my datacenter... Suddenly my /var/log/secure starts saying invalid user (7) to SSH attempts, SSSD logs empty, and I have to log on and restart sssd on every VM manually.

Hello Bruno, see my reply to John. If you can capture the sssd logs,
that would be very welcome in tracking down the problem.

> 
> ----- Original message -----
> 
> From: "John Moyer" <john.moyer at digitalreasoning.com>
> To: "Jakub Hrozek" <jhrozek at redhat.com>, freeipa-users at redhat.com
> Sent: Monday, July 7, 2014 15:56:18
> Subject: Re: [Freeipa-users] IPA Service Restart causes clients to stop working
> 
> 
> The /var/log/secure is saying invalid user. When I do a getent passwd $USER I can't get any user from IPA until sssd is restarted. The SSSD logs are completely empty. Below is the sssd.conf if that helps. 
> 
> 
> Also I just had a server that I fixed (by restarting sssd) break again, restarting sssd fixed it again though. 
> 
> 
> 
> 
> sssd.conf 
> [domain/digitalreasoning.com] 
> 
> cache_credentials = True 
> krb5_store_password_if_offline = True 
> ipa_domain = digitalreasoning.com 
> id_provider = ipa 
> auth_provider = ipa 
> access_provider = ipa 
> ldap_tls_cacert = /etc/ipa/ca.crt 
> ipa_hostname = client.digitalreasoning.com 
> chpass_provider = ipa 
> ipa_server = _srv_, server1.digitalreasoning.com 
> dns_discovery_domain = digitalreasoning.com 
> [sssd] 
> services = nss, pam, ssh 
> config_file_version = 2 
> 
> domains = digitalreasoning.com 
> [nss] 
> 
> [pam] 
> 
> [sudo] 
> 
> [autofs] 
> 
> [ssh] 
> 
> [pac] 
> 
> 
> On 7/7/14, 2:19 PM, Jakub Hrozek wrote:
> > On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote:
> > > Hello All,
> > >
> > > Some of the services in IPA stopped responding and I restarted the
> > > service (as I couldn't login to the website or via ssh to any registered
> > > hosts). After the restart I could login to the web app, but still no
> > > clients. I currently can login to one client that I restarted sssd on.
> > > Any suggestions how to fix the rest without having to go to all of
> > > them to restart sssd?
> >
> > Can you log in as root to the clients and check out /var/log/secure
> > and/or the sssd logs?
> >
> > Do your clients cache credentials?
> >
> > I suspect that when IPA went down, the clients went offline and still
> > haven't re-checked the online status..how long since the IPA server went
> > offline?
> 
> 
> 
> 
> 
> Thanks, 
> 
> John Moyer 
> Director, IT Operations 
> 
> 