[Freeipa-users] IPA Service Restart causes clients to stop working
John Moyer
john.moyer at digitalreasoning.com
Tue Jul 8 13:37:58 UTC 2014
Jakub,
So far I have no logs. Unfortunately, since this is quite the
disruptive activity, I am not willing to reproduce. If I get some time
I can try to build a replica environment and try it there, but I don't
see myself having that time.
John
On 7/7/14, 4:28 PM, Jakub Hrozek wrote:
> On Mon, Jul 07, 2014 at 04:09:24PM -0300, Bruno Henrique Barbosa wrote:
>> I can confirm this, I usually run through this after a power outage on my datacenter... Suddenly my /var/log/secure starts saying invalid user (7) to SSH attempts, SSSD logs empty, and I have to log on and restart sssd on every VM manually.
> Hello Bruno, see my reply to John, if you can capture the sssd logs,
> that would be very welcome in tracking down the problem.
>
>> ----- Original Message -----
>>
>> From: "John Moyer" <john.moyer at digitalreasoning.com>
>> To: "Jakub Hrozek" <jhrozek at redhat.com>, freeipa-users at redhat.com
>> Sent: Monday, July 7, 2014 15:56:18
>> Subject: Re: [Freeipa-users] IPA Service Restart causes clients to stop working
>>
>>
>> The /var/log/secure is saying invalid user. When I do a getent passwd $USER I can't get any user from IPA until sssd is restarted. The SSSD logs are completely empty. Below is the sssd.conf if that helps.
>>
>>
>> Also I just had a server that I fixed (by restarting sssd) break again, restarting sssd fixed it again though.
>>
>>
>>
>>
>> sssd.conf
>> [domain/digitalreasoning.com]
>>
>> cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = digitalreasoning.com
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> ipa_hostname = client.digitalreasoning.com
>> chpass_provider = ipa
>> ipa_server = _srv_, server1.digitalreasoning.com
>> dns_discovery_domain = digitalreasoning.com
>> [sssd]
>> services = nss, pam, ssh
>> config_file_version = 2
>>
>> domains = digitalreasoning.com
>> [nss]
>>
>> [pam]
>>
>> [sudo]
>>
>> [autofs]
>>
>> [ssh]
>>
>> [pac]
>>
>>
>> On 7/7/14, 2:19 PM, Jakub Hrozek wrote:
>>
>> On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote:
>> > Hello All,
>> >
>> > Some of the services in IPA stopped responding and I restarted the
>> > service (as I couldn't login to the website or via ssh to any registered
>> > hosts). After the restart I could login to the web app, but still no
>> > clients. I currently can login to one client that I restarted sssd on.
>> > Any suggestions how to fix the rest without having to go to all of
>> > them to restart sssd?
>>
>> Can you log in as root to the clients and check out /var/log/secure
>> and/or the sssd logs?
>>
>> Do your clients cache credentials?
>>
>> I suspect that when IPA went down, the clients went offline and still
>> haven't re-checked the online status... how long since the IPA server went
>> offline?
>>
>> Thanks,
>>
>> John Moyer
>> Director, IT Operations
>>
>>
Thanks,
------------------------------------------------------------------------
John Moyer
Director, IT Operations