[Freeipa-users] IDM/ipa slow login
John Obaterspok
john.obaterspok at gmail.com
Thu Aug 13 20:57:28 UTC 2015
Hi Seli,
In /etc/sssd/sssd.conf add below:
selinux_provider=none
to the domain section. Then restart sssd.
-- john
2015-08-13 16:23 GMT+02:00 seli irithyl <seli.irithyl at gmail.com>:
> Here's the sssd_domain log part during an ssh
>
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_get_account_info]
> (0x0200): Got request for [0x3][1][name=test]
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_req_set_domain]
> (0x0400): Changing request domain from [bioinf.local] to [bioinf.local]
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_get_initgr_next_base] (0x0400): Searching for users with base
> [cn=accounts,dc=bioinf,dc=local]
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(uid=test)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user]
> (0x0400): Save user
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_get_primary_name] (0x0400): Processing object test
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user]
> (0x0400): Processing user test
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user]
> (0x0400): Adding original memberOf attributes to [test].
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user]
> (0x0400): Adding user principal [test at BIOINF.LOCAL] to attributes of
> [test].
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user]
> (0x0400): Storing info for user test
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_get_primary_name] (0x0400): Processing object test
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_has_deref_support] (0x0400): The server supports deref method OpenLDAP
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))][cn=ipausers,cn=groups,cn=accounts,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))][cn=bioinfo,cn=groups,cn=accounts,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_primary_name] (0x0400): Processing object ipausers
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_primary_name] (0x0400): Processing object bioinfo
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_groups_next_base] (0x0400): Searching for groups with base
> [cn=accounts,dc=bioinf,dc=local]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(gidNumber=1713400050)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_has_deref_support] (0x0400): The server supports deref method OpenLDAP
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_nested_group_recv] (0x0400): 0 users found in the hash table
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_nested_group_recv] (0x0400): 1 groups found in the hash table
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_primary_name] (0x0400): Processing object test
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_save_group]
> (0x0400): Processing group test
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_process_ghost_members] (0x0400): The group has 0 members
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_process_ghost_members] (0x0400): Group has 0 members
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_save_group]
> (0x0400): Storing info for group test
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_primary_name] (0x0400): Processing object test
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_save_grpmem]
> (0x0400): Processing group test
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_save_grpmem]
> (0x0400): Failed to get group sid
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_save_grpmem]
> (0x0400): No members for group [test]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:bioinf.local:52e6beb4-158e-11e5-b14d-000af77e6812))][cn=Default
> Trust View,cn=views,cn=accounts,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: No such object(32),
> no errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 0,0,Success
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [be_req_set_domain]
> (0x0400): Changing request domain from [bioinf.local] to [bioinf.local]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [be_pam_handler]
> (0x0100): Got request with the following data
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): command: PAM_ACCT_MGMT
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): domain: bioinf.local
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): user: test
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): service: sshd
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): tty: ssh
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): ruser:
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): rhost: copper.bioinf.local
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): authtok type: 0
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): priv: 1
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): cli_pid: 44307
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): logon name: not set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_access_send]
> (0x0400): Performing access check for user [test]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user
> [test]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaHost)(fqdn=lead.bioinf.local))][cn=accounts,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_has_deref_support] (0x0400): The server supports deref method OpenLDAP
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_x_deref_search_send] (0x0400): Dereferencing entry
> [fqdn=lead.bioinf.local,cn=computers,cn=accounts,dc=bioinf,dc=local] using
> OpenLDAP deref
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no
> filter][fqdn=lead.bioinf.local,cn=computers,cn=accounts,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_x_deref_parse_entry] (0x0400): Got deref control
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_x_deref_parse_entry] (0x0400): All deref results from a single
> control parsed
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [ipa_hbac_service_info_next] (0x0400): Sending request for next search
> base: [cn=hbac,dc=bioinf,dc=local][2][(objectClass=ipaHBACService)]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(objectClass=ipaHBACService)][cn=hbac,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [ipa_hbac_servicegroup_info_next] (0x0400): Sending request for next search
> base: [cn=hbac,dc=bioinf,dc=local][2][(objectClass=ipaHBACServiceGroup)]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [ipa_hbac_rule_info_next] (0x0400): Sending request for next search base:
> [cn=hbac,dc=bioinf,dc=local][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(|(hostCategory=all)(memberHost=fqdn=lead.bioinf.local,cn=computers,cn=accounts,dc=bioinf,dc=local)))]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(|(hostCategory=all)(memberHost=fqdn=lead.bioinf.local,cn=computers,cn=accounts,dc=bioinf,dc=local)))][cn=hbac,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [hbac_get_category]
> (0x0200): Category is set to 'all'.
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [hbac_get_category]
> (0x0200): Category is set to 'all'.
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [hbac_get_category]
> (0x0200): Category is set to 'all'.
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule
> [allow_all]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [allow_all]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [ipa_get_selinux_send]
> (0x0400): Retrieving SELinux user mapping
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [ipa_selinux_get_maps_next] (0x0400): Trying to fetch SELinux maps with
> following parameters:
> [2][(&(objectclass=ipaselinuxusermap)(ipaEnabledFlag=TRUE))][cn=selinux,dc=bioinf,dc=local]
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectclass=ipaselinuxusermap)(ipaEnabledFlag=TRUE))][cn=selinux,dc=bioinf,dc=local].
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]
> [ipa_selinux_get_maps_done] (0x0400): No SELinux user maps found!
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [write_pipe_handler]
> (0x0400): All data has been sent!
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [child_sig_handler]
> (0x0100): child [44309] finished successfully.
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [read_pipe_handler]
> (0x0400): EOF received, client finished
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success)
> [Success]
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][bioinf.local]
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][bioinf.local]
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [be_req_set_domain]
> (0x0400): Changing request domain from [bioinf.local] to [bioinf.local]
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [be_pam_handler]
> (0x0100): Got request with the following data
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): command: PAM_OPEN_SESSION
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): domain: bioinf.local
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): user: test
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): service: sshd
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): tty: ssh
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): ruser:
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): rhost: copper.bioinf.local
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): authtok type: 0
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): priv: 1
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): cli_pid: 44307
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [pam_print_data]
> (0x0100): logon name: not set
> (Thu Aug 13 15:22:34 2015) [sssd[be[bioinf.local]]] [be_pam_handler]
> (0x0100): Sending result [0][bioinf.local]
>
> why is there such message : Could not parse domain SID from [(null)] ? I
> thought SID was related to AD ?
> Is it normal that:
> some messages seems duplicated ?
> SELinux user maps were not found ?
>
> (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_save_grpmem]
> (0x0400): No members for group [test]
> Looking in the UI, the "test" group does not exist
> Moreover the "trust admins" and "ipausers" dont have GID
>
> Thanks for all
>
> On Thu, Aug 13, 2015 at 1:05 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
>
>> On Thu, Aug 13, 2015 at 12:12:03PM +0200, seli irithyl wrote:
>> > In the logs, there is lots of warnings concerning pki tomcat server :
>> >
>> > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Started The Apache HTTP
>> > Server.
>> > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting
>> > system-pki\x2dtomcatd.slice.
>> > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Created slice
>> > system-pki\x2dtomcatd.slice.
>> > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting PKI Tomcat
>> Server.
>> > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Reached target PKI Tomcat
>> > Server.
>> > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting PKI Tomcat Server
>> > pki-tomcat...
>> > Aug 13 09:51:57 lead.bioinf.local systemd[1]: Started PKI Tomcat Server
>> > pki-tomcat.
>> > Aug 13 09:51:57 lead.bioinf.local server[5213]: Java virtual machine
>> used:
>> > /usr/bin/java
>> > Aug 13 09:51:57 lead.bioinf.local server[5213]: classpath used:
>> >
>> /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
>> > Aug 13 09:51:57 lead.bioinf.local server[5213]: main class used:
>> > org.apache.catalina.startup.Bootstrap
>> > Aug 13 09:51:57 lead.bioinf.local server[5213]: flags used:
>> > -DRESTEASY_LIB=/usr/share/java/resteasy-base
>> > Aug 13 09:51:57 lead.bioinf.local server[5213]: options used:
>> > -Dcatalina.base=/var/lib/pki/pki-tomcat
>> -Dcatalina.home=/usr/share/tomcat
>> > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
>> >
>> -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
>> > -Djav
>> > Aug 13 09:51:57 lead.bioinf.local server[5213]: arguments used: start
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'enableOCSP' to 'false' did not find a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'ocspResponderURL' to 'http://lead.bioinf.local:9080/ca/ocsp' did not
>> find
>> > a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not
>> find a
>> > matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'ocspCacheSize' to '1000' did not find a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'ocspMinCacheEntryDuration' to '60' did not find a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'ocspTimeout' to '10' did not find a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'strictCiphers' to 'true' did not find a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'sslOptions' to 'ssl2=true,ssl3=true,tls=true' did not find a matching
>> > property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'ssl2Ciphers' to
>> >
>> '-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'ssl3Ciphers' to
>> >
>> '-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'tlsCiphers' to
>> >
>> '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TL
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'serverCertNickFile' to
>> '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
>> > did not find a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'passwordFile' to '/var/lib/pki/pki-tomcat/conf/password.conf' did not
>> find
>> > a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'passwordClass' to 'org.apache.tomcat.util.net.jss.PlainPasswordFile'
>> did
>> > not find a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'certdbDir' to '/var/lib/pki/pki-tomcat/alias' did not find a matching
>> > property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching
>> property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
>> > property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.catalina.startup.SetAllPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> > 'sslRangeCiphers' to
>> >
>> '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SH
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.tomcat.util.digester.SetPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetPropertiesRule]{Server/Service/Engine/Host} Setting property
>> > 'xmlValidation' to 'false' did not find a matching property.
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:58 AM
>> > org.apache.tomcat.util.digester.SetPropertiesRule begin
>> > Aug 13 09:51:58 lead.bioinf.local server[5213]: WARNING:
>> > [SetPropertiesRule]{Server/Service/Engine/Host} Setting property
>> > 'xmlNamespaceAware' to 'false' did not find a matching property.
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM
>> > org.apache.coyote.AbstractProtocol init
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Initializing
>> > ProtocolHandler ["http-bio-8080"]
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM
>> > org.apache.coyote.AbstractProtocol init
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Initializing
>> > ProtocolHandler ["http-bio-8443"]
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher
>> > "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" not recognized by tomcatjss
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher
>> > "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" not recognized by tomcatjss
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher
>> > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" not recognized by tomcatjss
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher
>> > "TLS_RSA_WITH_3DES_EDE_CBC_SHA" not recognized by tomcatjss
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher
>> > "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" not recognized by tomcatjss
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher
>> > "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" not recognized by tomcatjss
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher
>> > "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" unsupported by NSS
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Error: SSL cipher
>> > "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" unsupported by NSS
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM
>> > org.apache.coyote.AbstractProtocol init
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Initializing
>> > ProtocolHandler ["ajp-bio-127.0.0.1-8009"]
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM
>> > org.apache.catalina.startup.Catalina load
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Initialization
>> > processed in 995 ms
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM
>> > org.apache.catalina.core.StandardService startInternal
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Starting service
>> > Catalina
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM
>> > org.apache.catalina.core.StandardEngine startInternal
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Starting Servlet
>> > Engine: Apache Tomcat/7.0.54
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: Aug 13, 2015 9:51:59 AM
>> > org.apache.catalina.startup.HostConfig deployDescriptor
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]: INFO: Deploying
>> > configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]:
>> > SSLAuthenticatorWithFallback: Creating SSL authenticator with fallback
>> > Aug 13 09:51:59 lead.bioinf.local server[5213]:
>> > SSLAuthenticatorWithFallback: Setting container
>> > Aug 13 09:52:01 lead.bioinf.local server[5213]:
>> > SSLAuthenticatorWithFallback: Initializing authenticators
>> > Aug 13 09:52:01 lead.bioinf.local server[5213]:
>> > SSLAuthenticatorWithFallback: Starting authenticators
>> > Aug 13 09:52:12 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:12 AM
>> > org.apache.catalina.startup.HostConfig deployDescriptor
>> > Aug 13 09:52:12 lead.bioinf.local server[5213]: INFO: Deployment of
>> > configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml
>> has
>> > finished in 13,391 ms
>> > Aug 13 09:52:12 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:12 AM
>> > org.apache.catalina.startup.HostConfig deployDescriptor
>> > Aug 13 09:52:12 lead.bioinf.local server[5213]: INFO: Deploying
>> > configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM
>> > org.apache.jasper.EmbeddedServletOptions <init>
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: SEVERE: The scratchDir
>> you
>> > specified: /var/lib/pki/pki-tomcat/work/Catalina/localhost/pki is
>> unusable.
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM
>> > org.apache.catalina.startup.HostConfig deployDescriptor
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Deployment of
>> > configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/pki.xml
>> has
>> > finished in 2,683 ms
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM
>> > org.apache.coyote.AbstractProtocol start
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Starting
>> > ProtocolHandler ["http-bio-8080"]
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM
>> > org.apache.coyote.AbstractProtocol start
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Starting
>> > ProtocolHandler ["http-bio-8443"]
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM
>> > org.apache.coyote.AbstractProtocol start
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Starting
>> > ProtocolHandler ["ajp-bio-127.0.0.1-8009"]
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: Aug 13, 2015 9:52:16 AM
>> > org.apache.catalina.startup.Catalina start
>> > Aug 13 09:52:16 lead.bioinf.local server[5213]: INFO: Server startup in
>> > 17320 ms
>> >
>> > May this be related to my slow login problem ?
>>
>> I don't think so. You really need to look into the sssd domain log,
>> check what requests (getAccountInfo) take the longest.
>>
>>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150813/125338ae/attachment.htm>
More information about the Freeipa-users
mailing list