[Freeipa-users] IPA Service Restart causes clients to stop working

John Moyer john.moyer at digitalreasoning.com
Tue Jul 8 13:37:58 UTC 2014 

Jakub,

    So far I have no logs, unfortunately since this is quite the
disruptive activity I am not willing to reproduce.   If I get some time
I can try to built a replica environment and try it there, but I don't
see me having that time.

John

On 7/7/14, 4:28 PM, Jakub Hrozek wrote:
> On Mon, Jul 07, 2014 at 04:09:24PM -0300, Bruno Henrique Barbosa wrote:
>> I can confirm this, I usually run through this after a power outage on my datacenter... Suddenly my /var/log/secure starts saying invalid user (7) to SSH attempts, SSSD logs empty, and I have to logon and restart sssd on every VM manually. 
> Hello Bruno, see my reply to John, if you can capture the sssd logs,
> that would be very welcome in tracking down the problem.
>
>> ----- Mensagem original -----
>>
>> De: "John Moyer" <john.moyer at digitalreasoning.com> 
>> Para: "Jakub Hrozek" <jhrozek at redhat.com>, freeipa-users at redhat.com 
>> Enviadas: Segunda-feira, 7 de julho de 2014 15:56:18 
>> Assunto: Re: [Freeipa-users] IPA Service Restart causes clients to stop working 
>>
>>
>> The /var/log/secure is saying invalid user. When I do a getent passwd $USER I can't get any user from IPA until sssd is restarted. The SSSD logs are completely empty. Below is the sssd.conf if that helps. 
>>
>>
>> Also I just had a server that I fixed (by restarting sssd) break again, restarting sssd fixed it again though. 
>>
>>
>>
>>
>> sssd.conf 
>> [domain/digitalreasoning.com] 
>>
>> cache_credentials = True 
>> krb5_store_password_if_offline = True 
>> ipa_domain = digitalreasoning.com 
>> id_provider = ipa 
>> auth_provider = ipa 
>> access_provider = ipa 
>> ldap_tls_cacert = /etc/ipa/ca.crt 
>> ipa_hostname = client.digitalreasoning.com 
>> chpass_provider = ipa 
>> ipa_server = _srv_, server1.digitalreasoning.com 
>> dns_discovery_domain = digitalreasoning.com 
>> [sssd] 
>> services = nss, pam, ssh 
>> config_file_version = 2 
>>
>> domains = digitalreasoning.com 
>> [nss] 
>>
>> [pam] 
>>
>> [sudo] 
>>
>> [autofs] 
>>
>> [ssh] 
>>
>> [pac] 
>>
>>
>> On 7/7/14, 2:19 PM, Jakub Hrozek wrote: 
>>
>>
>> On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote: 
>> <blockquote>
>> Hello All,
>>
>>     Some of the services in IPA stopped responding and I restarted the
>> service (as I couldn't login to the website or via ssh to any registered
>> hosts).   After the restart I could login to the web app, but still no
>> clients.   I currently can login to one client that I restarted sssd on.
>>   Any suggestions how to fix the rest without having to go to all of
>> them to restart sssd? 
>>
>> Can you log in as root to the clients and check out /var/log/secure
>> and/or the sssd logs?
>>
>> Do your clients cache credentials?
>>
>> I suspect that when IPA went down, the clients went offline and still
>> haven't re-checked the online status..how long since the IPA server went
>> offline? 
>> </blockquote>
>>
>>
>>
>>
>>
>> Thanks, 
>>
>> John Moyer 
>> Director, IT Operations 
>>
>>
>> -- 
>> Manage your subscription for the Freeipa-users mailing list: 
>> https://www.redhat.com/mailman/listinfo/freeipa-users 
>> Go To http://freeipa.org for more info on the project 




Thanks,
------------------------------------------------------------------------
John Moyer
Director, IT Operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140708/d309ce63/attachment.htm>

More information about the Freeipa-users mailing list