[Freeipa-users] SSSD startup failures on ipa clients

Mark Heslin mheslin at redhat.com
Mon Jul 28 02:42:34 UTC 2014


Folks,

I just stumbled on an odd issue. I have an OpenShift deployment with 2 
brokers, 2 nodes, 1 rhc client
all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 
IPA admin (tools) client all running RHEL 7.0.
All OpenShift hosts, client and IPA client are members of IPA domain 
'interop.example.com'.

After creating ssh public keys on the IPA admin client for user 
'ose-admin1' and uploading them into IPA,
I am able to ssh with the key to all IPA domain hosts as user 
'ose-admin1' except the 2 node hosts.
In looking closer at the 2 node hosts I noticed that SSSD keeps failing 
on start:

# service sssd restart
Stopping sssd: cat: /var/run/sssd.pid: No such file or 
directory                [FAILED]
Starting sssd: [FAILED]

Starting with debug mode shows:

   [root at node1/2 ~]# sssd -d9
   (Sun Jul 27 22:12:29:527689 2014) [sssd] [check_file] (0x0400): lstat 
for [/var/run/nscd/socket] failed: [2][No such file or directory].
   (Sun Jul 27 22:12:29:529293 2014) [sssd] [ldb] (0x0400): 
server_sort:Unable to register control with rootdse!
   (Sun Jul 27 22:12:29:529596 2014) [sssd] [confdb_get_domain_internal] 
(0x0400): No enumeration for [interop.example.com]!
   (Sun Jul 27 22:12:29:529646 2014) [sssd] [confdb_get_domain_internal] 
(0x1000): pwd_expiration_warning is -1
   (Sun Jul 27 22:12:29:529686 2014) [sssd] [server_setup] (0x0040): 
Becoming a daemon.

The logs show show nothing useful but this problem started during the 
ipa-client-install - the log shows:

   2014-07-23T18:40:22Z DEBUG args=/usr/sbin/authconfig --enablesssdauth 
--enablemkhomedir --update --enablesssd
   2014-07-23T18:40:22Z DEBUG stdout=Starting oddjobd:        [  OK ]
   2014-07-23T18:40:22Z DEBUG stderr=
   2014-07-23T18:40:22Z INFO SSSD enabled
   2014-07-23T18:40:29Z DEBUG args=/sbin/service sssd restart
   2014-07-23T18:40:29Z DEBUG stdout=Stopping sssd: [FAILED]
   Starting sssd:                                [FAILED]

   2014-07-23T18:40:29Z DEBUG stderr=cat: /var/run/sssd.pid: No such 
file or directory

   2014-07-23T18:40:29Z WARNING SSSD service restart was unsuccessful.
   2014-07-23T18:40:29Z DEBUG args=/sbin/chkconfig sssd on
   2014-07-23T18:40:29Z DEBUG stdout=

Any ideas? Have we seen this before? I suppose I could uninstall the ipa 
client and re-install but I didn't want
to touch anything until I hear back.

Thanks!

-m

btw - All systems have been updated as of this evening. Kerberos works 
fine but anything requiring
lookups is toast.








More information about the Freeipa-users mailing list