Hi folks,
I read somewhere that it is not recommended to run nscd to cache passwd on ipa clients, but I wonder: What if?
I still have the problem that sometimes some sssd components disappear somehow, e.g. sssd_pam. The logfile on our mail gateway said
: (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 74 (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): Client already disconnected (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): Client already disconnected (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. : : (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 11 (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. : : (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_aixigo.de] (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/var/lib/sss/pipes/private/sbus-dp_aixigo.de] (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/responder with D-Bus connection (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected to the Data Provider. :
Some EMails were bounced with user unknown at the same time, so I would guess there is a coincidence. Question is, could nscd be an option here, providing an additional cache for user accounts? What side effects could come up?
Platform is Debian 9, sssd is version 1.16.2, nscd version 2.24.
Every helpful comment is highly appreciated. Regards Harri
On Wed, Sep 19, 2018 at 02:04:28PM +0200, Harald Dunkel via FreeIPA-users wrote:
Hi folks,
I read somewhere that it is not recommended to run nscd to cache passwd on ipa clients, but I wonder: What if?
It's not technically impossible, but you'd get one more caching layer, so the setup would be less predictable, e.g. knowing where did a NSS reply come from is more complex, it could be from nscd, it could be from sssd, ...
I still have the problem that sometimes some sssd components disappear somehow, e.g. sssd_pam. The logfile on our mail gateway said
: (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 74 (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): Client already disconnected (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): Client already disconnected (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring.
This indicated a crash in sssd_be...I don't know Debian almost at all, but I would check the syslog for evidence..
: : (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 11 (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. : : (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_aixigo.de] (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/var/lib/sss/pipes/private/sbus-dp_aixigo.de] (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/responder with D-Bus connection (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected to the Data Provider. :
Some EMails were bounced with user unknown at the same time, so I would guess there is a coincidence. Question is, could nscd be an option here, providing an additional cache for user accounts? What side effects could come up?
Platform is Debian 9, sssd is version 1.16.2, nscd version 2.24.
Every helpful comment is highly appreciated. Regards Harri _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hi Jakub,
On 9/21/18 3:24 PM, Jakub Hrozek via FreeIPA-users wrote:
On Wed, Sep 19, 2018 at 02:04:28PM +0200, Harald Dunkel via FreeIPA-users wrote:
I still have the problem that sometimes some sssd components disappear somehow, e.g. sssd_pam. The logfile on our mail gateway said
: (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 74 (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): Client already disconnected (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): Client already disconnected (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring. (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting. Deferring.
This indicated a crash in sssd_be...I don't know Debian almost at all, but I would check the syslog for evidence..
According to syslog the services were shut down and restarted for an unknown reason:
Sep 18 22:32:30 srvvm01 sssd[pam]: Shutting down Sep 18 22:32:31 srvvm01 sssd[pam]: Starting up Sep 18 22:34:11 srvvm01 sssd[nss]: Shutting down Sep 18 22:34:12 srvvm01 sssd[nss]: Starting up Sep 18 22:34:28 srvvm01 sssd[be[example.de]]: Shutting down Sep 18 22:34:28 srvvm01 sssd[be[example.de]]: Starting up
No crash. Please note that other sssd services were *not* restarted.
??? Harri
freeipa-users@lists.fedorahosted.org