<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">Jakub, <br> <br> So far I have no logs, unfortunately since this is quite the disruptive activity I am not willing to reproduce. If I get some time I can try to built a replica environment and try it there, but I don't see me having that time. <br> <br> John<br> <br> On 7/7/14, 4:28 PM, Jakub Hrozek wrote:<br> </div> <blockquote cite="mid:20140707202841.GL6840@hendrix.brq.redhat.com" type="cite"> <pre wrap="">On Mon, Jul 07, 2014 at 04:09:24PM -0300, Bruno Henrique Barbosa wrote: </pre> <blockquote type="cite"> <pre wrap="">I can confirm this, I usually run through this after a power outage on my datacenter... Suddenly my /var/log/secure starts saying invalid user (7) to SSH attempts, SSSD logs empty, and I have to logon and restart sssd on every VM manually. </pre> </blockquote> <pre wrap=""> Hello Bruno, see my reply to John, if you can capture the sssd logs, that would be very welcome in tracking down the problem. </pre> <blockquote type="cite"> <pre wrap=""> ----- Mensagem original ----- De: "John Moyer" <a class="moz-txt-link-rfc2396E" href="mailto:john.moyer@digitalreasoning.com"><john.moyer@digitalreasoning.com></a> Para: "Jakub Hrozek" <a class="moz-txt-link-rfc2396E" href="mailto:jhrozek@redhat.com"><jhrozek@redhat.com></a>, <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a> Enviadas: Segunda-feira, 7 de julho de 2014 15:56:18 Assunto: Re: [Freeipa-users] IPA Service Restart causes clients to stop working The /var/log/secure is saying invalid user. When I do a getent passwd $USER I can't get any user from IPA until sssd is restarted. The SSSD logs are completely empty. Below is the sssd.conf if that helps. Also I just had a server that I fixed (by restarting sssd) break again, restarting sssd fixed it again though. sssd.conf [domain/digitalreasoning.com] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = digitalreasoning.com id_provider = ipa auth_provider = ipa access_provider = ipa ldap_tls_cacert = /etc/ipa/ca.crt ipa_hostname = client.digitalreasoning.com chpass_provider = ipa ipa_server = _srv_, server1.digitalreasoning.com dns_discovery_domain = digitalreasoning.com [sssd] services = nss, pam, ssh config_file_version = 2 domains = digitalreasoning.com [nss] [pam] [sudo] [autofs] [ssh] [pac] On 7/7/14, 2:19 PM, Jakub Hrozek wrote: On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote: <blockquote> Hello All, Some of the services in IPA stopped responding and I restarted the service (as I couldn't login to the website or via ssh to any registered hosts). After the restart I could login to the web app, but still no clients. I currently can login to one client that I restarted sssd on. Any suggestions how to fix the rest without having to go to all of them to restart sssd? Can you log in as root to the clients and check out /var/log/secure and/or the sssd logs? Do your clients cache credentials? I suspect that when IPA went down, the clients went offline and still haven't re-checked the online status..how long since the IPA server went offline? </blockquote> Thanks, John Moyer Director, IT Operations -- Manage your subscription for the Freeipa-users mailing list: <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> Go To <a class="moz-txt-link-freetext" href="http://freeipa.org">http://freeipa.org</a> for more info on the project </pre> </blockquote> </blockquote> <br> <br> <div class="moz-signature"><br> <br> Thanks,<br> <hr> John Moyer<br> Director, IT Operations<br> </div> </body> </html>