[Freeipa-users] performance scaling of sssd / freeipa

[Sullivan, Daniel [CRI]]

Thank you for responding Lukas.  This is actually a domain controller that trusts an AD domain, as far as I know winbindd was never installed specifically to fulfill a purpose other than for IPA (the machine was deployed specifically for the purpose of being an IPA DC).  Hopefully this sounds reasonable and sane…

And, no, winbind is not configured in nsswitch.

Dan

> On Jan 20, 2017, at 4:48 PM, Lukas Slebodnik <lslebodn at redhat.com> wrote:
> 
> On (20/01/17 20:18), Sullivan, Daniel [CRI] wrote:
>> Sorry to clutter people's inboxes.  I found another piece of what I believe to be useful information.  When this occurs the following entry also appears in /var/log/messages.
>> 
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:54:33.942448,  0] ipa_sam.c:4193(bind_callback_cleanup)
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   kerberos error: code=-1765328228, message=Cannot contact any KDC for realm ‘XXX.XXX.UCHICAGO.EDU'
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:54:33.943497,  0] ../source3/lib/smbldap.c:998(smbldap_connect_system)
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   failed to bind to server ldapi://%2fvar%2frun%2fslapd-XXX-XXX-UCHICAGO-EDU.socket with dn="[Anonymous bind]" Error: Local error
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   #011(unknown)
>> Jan 20 13:55:16 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:55:16.970304,  0] ipa_sam.c:4193(bind_callback_cleanup)
>> Jan 20 13:55:16 xxx.xxx.uchicago.edu winbindd[7090]:   kerberos error: code=-1765328228, message=Cannot contact any KDC for realm ‘XXX.XXX.UCHICAGO.EDU'
>> Jan 20 14:00:01 xxx.xxx.uchicago.edu systemd[1]: Created slice user-0.slice.
>> 
> May I ask why you have configure sssd and winbind on the same machine?
> Do you have configured winbind also in /etc/nsswitch.conf?
> 
> LS