FreeIPA failover not working - FreeIPA-users - Fedora mailing-lists

23 Aug 2017


      Hi,
we are testing a FreeIPA trust to an Active Directory. Trust itself
works, we are happy. Now we tested a failure on FreeIPA site. We have
two instances, both with same roles. If we poweroff first installed
server, and clean sssd caches with restart of sssd on client side , sssd
service can’t establish a connection to second instance.
ipa-lx-test-01.ipa.example.com is the first installed FreeIPA with
ipa-server-4.4.0-14.el7.centos.7.x86_64 on latest CentOS7
ipa-lx-test-02.ipa.example.com is the second installed FreeIPA with
ipa-server-4.4.0-14.el7.centos.7.x86_64 on latest CentOS7
ipa-lx-test-debian9.ipa.example.com is a latest Debian 9.1 with sssd
1.15.0-3
For deeper inspection full log is attached. In logs we found something
like this:
|(Wed Aug 23 16:07:06 2017) [sssd[be[ipa.example.com]]]
[set_server_common_status] (0x0100): Marking server
'ipa-lx-test-01.ipa.example.com' as 'name resolved' (Wed Aug 23 16:07:06
2017) [sssd[be[ipa.example.com]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server (Wed Aug 23 16:07:06 2017)
[sssd[be[ipa.example.com]]] [be_resolve_server_process] (0x0200): Found
address for server ipa-lx-test-01.ipa.example.com: [x.x.x.x] TTL 1200
(Wed Aug 23 16:07:06 2017) [sssd[be[ipa.example.com]]]
[ipa_resolve_callback] (0x0400): Constructed uri
'ldap://ipa-lx-test-01.ipa.example.com' (Wed Aug 23 16:07:06 2017)
[sssd[be[ipa.example.com]]] [unique_filename_destructor] (0x2000):
Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_2zXOse] (Wed Aug 23
16:07:06 2017) [sssd[be[ipa.example.com]]] [unlink_dbg] (0x2000): File
already removed: [/var/lib/sss/pubconf/.krb5info_dummy_2zXOse] (Wed Aug
23 16:07:06 2017) [sssd[be[ipa.example.com]]]
[sssd_async_socket_init_send] (0x4000): Using file descriptor [19] for
the connection. (Wed Aug 23 16:07:06 2017) [sssd[be[ipa.example.com]]]
[sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for
connecting (Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[sssd_async_connect_done] (0x0020): connect failed [113][Keine Route zum
Zielrechner]. (Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[sssd_async_socket_init_done] (0x0020): sdap_async_sys_connect request
failed: [113]: Keine Route zum Zielrechner. (Wed Aug 23 16:07:09 2017)
[sssd[be[ipa.example.com]]] [sssd_async_socket_state_destructor]
(0x0400): closing socket [19] (Wed Aug 23 16:07:09 2017)
[sssd[be[ipa.example.com]]] [sss_ldap_init_sys_connect_done] (0x0020):
sssd_async_socket_init request failed: [113]: Keine Route zum
Zielrechner. (Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[sdap_sys_connect_done] (0x0020): sdap_async_connect_call request
failed: [113]: Keine Route zum Zielrechner. (Wed Aug 23 16:07:09 2017)
[sssd[be[ipa.example.com]]] [sdap_handle_release] (0x2000): Trace:
sh[0x558252c36770], connected[0], ops[(nil)], ldap[(nil)],
destructor_lock[0], release_memory[0] (Wed Aug 23 16:07:09 2017)
[sssd[be[ipa.example.com]]] [_be_fo_set_port_status] (0x8000): Setting
status: PORT_NOT_WORKING. Called from:
../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_done:
1572 (Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[fo_set_port_status] (0x0100): Marking port 389 of server
'ipa-lx-test-01.ipa.example.com' as 'not working' (Wed Aug 23 16:07:09
2017) [sssd[be[ipa.example.com]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'ipa-lx-test-01.ipa.example.com' as 'not
working' |
Thats true, ‘Keine Route zum Zielrechner’ means ‘no route to host’,
first instance is poweroff. Well looking forward in logfile
|(Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Wed
Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]] [get_server_status]
(0x1000): Status of server 'ipa-lx-test-02.ipa.example.com' is 'name not
resolved' (Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[get_port_status] (0x1000): Port status of port 389 for server
'ipa-lx-test-02.ipa.example.com' is 'neutral' (Wed Aug 23 16:07:09 2017)
[sssd[be[ipa.example.com]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds (Wed Aug 23 16:07:09 2017)
[sssd[be[ipa.example.com]]] [resolve_srv_send] (0x0200): The status of
SRV lookup is resolved (Wed Aug 23 16:07:09 2017)
[sssd[be[ipa.example.com]]] [get_server_status] (0x1000): Status of
server 'ipa-lx-test-02.ipa.example.com' is 'name not resolved' (Wed Aug
23 16:07:09 2017) [sssd[be[ipa.example.com]]] [resolv_is_address]
(0x4000): [ipa-lx-test-02.ipa.example.com] does not look like an IP
address (Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[resolv_gethostbyname_step] (0x2000): Querying files (Wed Aug 23
16:07:09 2017) [sssd[be[ipa.example.com]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record
of 'ipa-lx-test-02.ipa.example.com' in files (Wed Aug 23 16:07:09 2017)
[sssd[be[ipa.example.com]]] [set_server_common_status] (0x0100): Marking
server 'ipa-lx-test-02.ipa.example.com' as 'resolving name' (Wed Aug 23
16:07:09 2017) [sssd[be[ipa.example.com]]] [resolv_gethostbyname_step]
(0x2000): Querying files (Wed Aug 23 16:07:09 2017)
[sssd[be[ipa.example.com]]] [resolv_gethostbyname_files_send] (0x0100):
Trying to resolve AAAA record of 'ipa-lx-test-02.ipa.example.com' in
files (Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[resolv_gethostbyname_next] (0x0200): No more address families to retry
(Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[resolv_gethostbyname_step] (0x2000): Querying DNS (Wed Aug 23 16:07:09
2017) [sssd[be[ipa.example.com]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'ipa-lx-test-02.ipa.example.com'
in DNS (Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Wed Aug 23 16:07:09 2017) [sssd[be[ipa.example.com]]]
[schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Wed
Aug 23 16:07:10 2017) [sssd[be[ipa.example.com]]] [check_fd_timeouts]
(0x4000): Checking for DNS timeouts (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [check_fd_timeouts] (0x4000): Checking for
DNS timeouts (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Wed Aug
23 16:07:11 2017) [sssd[be[ipa.example.com]]] [request_watch_destructor]
(0x0400): Deleting request watch (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [set_server_common_status] (0x0100): Marking
server 'ipa-lx-test-02.ipa.example.com' as 'name resolved' (Wed Aug 23
16:07:11 2017) [sssd[be[ipa.example.com]]] [be_resolve_server_process]
(0x0200): Found address for server ipa-lx-test-02.ipa.example.com:
[x.x.x.x] TTL 1200 (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [ipa_resolve_callback] (0x0400): Constructed
uri 'ldap://ipa-lx-test-02.ipa.example.com' (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [unique_filename_destructor] (0x2000):
Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_U1QQrA] (Wed Aug 23
16:07:11 2017) [sssd[be[ipa.example.com]]] [unlink_dbg] (0x2000): File
already removed: [/var/lib/sss/pubconf/.krb5info_dummy_U1QQrA] (Wed Aug
23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[sssd_async_socket_init_send] (0x4000): Using file descriptor [19] for
the connection. (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for
connecting (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://ipa-lx-test-02.ipa.example.com:389/??base] with fd [19]. (Wed
Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[sdap_get_rootdse_send] (0x4000): Getting rootdse (Wed Aug 23 16:07:11
2017) [sssd[be[ipa.example.com]]] [sdap_print_server] (0x2000):
Searching x.x.x.x:389 (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(objectclass=*)][]. (Wed Aug 23 16:07:11
2017) [sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [*] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [altServer] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [namingContexts] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedControl] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedExtension] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedFeatures] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedLDAPVersion] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedSASLMechanisms] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [domainControllerFunctionality] (Wed Aug 23 16:07:11
2017) [sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [defaultNamingContext] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [lastUSN] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [highestCommittedUSN] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 1 (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_op_add] (0x2000): New operation 1
timeout 6 (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[sdap_process_result] (0x2000): Trace: sh[0x558252c35750], connected[1],
ops[0x558252c36640], ldap[0x558252c130c0] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [].
(Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Wed
Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [vendorName] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [vendorVersion] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dataversion] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [netscapemdsuffix] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [changeLog] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [firstchangenumber] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [lastchangenumber] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipatopologypluginversion] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipatopologyismanaged] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaDomainLevel] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [namingContexts] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedControl] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedExtension] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedFeatures] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPVersion] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedSASLMechanisms] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [defaultNamingContext] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_parse_range] (0x2000): No
sub-attributes for [lastUSN] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_process_result] (0x2000): Trace:
sh[0x558252c35750], connected[1], ops[0x558252c36640],
ldap[0x558252c130c0] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_op_destructor] (0x2000): Operation 1
finished (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[sdap_get_rootdse_done] (0x2000): Got rootdse (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_rootdse_done] (0x2000): Skipping
auto-detection of match rule (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [get_naming_context] (0x0200): Using value
from [defaultNamingContext] as naming context. (Wed Aug 23 16:07:11
2017) [sssd[be[ipa.example.com]]] [sdap_set_search_base] (0x0100):
Setting option [ldap_sudo_search_base] to [dc=ipa,dc=example,dc=com].
(Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[common_parse_search_base] (0x0100): Search base added:
[SUDO][dc=ipa,dc=example,dc=com][SUBTREE][] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_get_server_opts_from_rootdse]
(0x4000): USN value: 41151 (int: 41151) (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_kinit_send] (0x0400): Attempting kinit
(default, host/ipa-lx-test-debian9.ipa.example.com, ipa.example.com,
86400) (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service IPA (Wed
Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Wed
Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]] [get_server_status]
(0x1000): Status of server 'ipa-lx-test-02.ipa.example.com' is 'name
resolved' (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Wed
Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]] [get_server_status]
(0x1000): Status of server 'ipa-lx-test-02.ipa.example.com' is 'name
resolved' (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[be_resolve_server_process] (0x0200): Found address for server
ipa-lx-test-02.ipa.example.com: [x.x.x.x] TTL 1200 (Wed Aug 23 16:07:11
2017) [sssd[be[ipa.example.com]]] [sdap_kinit_kdc_resolved] (0x1000):
KDC resolved, attempting to get TGT... (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [create_tgt_req_send_buffer] (0x0400):
buffer size: 81 (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[child_handler_setup] (0x2000): Setting up signal handler up for pid
[2104] (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[child_handler_setup] (0x2000): Signal handler set up for pid [2104]
(Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt
child (Wed Aug 23 16:07:11 2017) [sssd[be[ipa.example.com]]]
[sdap_process_result] (0x2000): Trace: sh[0x558252c35750], connected[1],
ops[(nil)], ldap[0x558252c130c0] (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [sdap_process_result] (0x2000): Trace: end
of ldap_result list (Wed Aug 23 16:07:11 2017)
[sssd[be[ipa.example.com]]] [write_pipe_handler] (0x0400): All data has
been sent! (Wed Aug 23 16:07:17 2017) [sssd[be[ipa.example.com]]]
[get_tgt_timeout_handler] (0x4000): timeout for sending SIGTERM to tgt
child [2104] reached. (Wed Aug 23 16:07:17 2017)
[sssd[be[ipa.example.com]]] [get_tgt_timeout_handler] (0x0400): Setting
2 seconds timeout for sending SIGKILL to tgt child (Wed Aug 23 16:07:17
2017) [sssd[be[ipa.example.com]]] [read_pipe_handler] (0x0400): EOF
received, client finished (Wed Aug 23 16:07:17 2017)
[sssd[be[ipa.example.com]]] [child_sig_handler] (0x1000): Waiting for
child [2104]. (Wed Aug 23 16:07:17 2017) [sssd[be[ipa.example.com]]]
[child_sig_handler] (0x0020): child [2104] failed with status [7]. (Wed
Aug 23 16:07:17 2017) [sssd[be[ipa.example.com]]] [child_callback]
(0x0020): LDAP child was terminated due to timeout (Wed Aug 23 16:07:17
2017) [sssd[be[ipa.example.com]]] [sdap_kinit_done] (0x0080):
Communication with KDC timed out, trying the next one (Wed Aug 23
16:07:17 2017) [sssd[be[ipa.example.com]]] [_be_fo_set_port_status]
(0x8000): Setting status: PORT_NOT_WORKING. Called from:
../src/providers/ldap/sdap_async_connection.c: sdap_kinit_done: 1207
(Wed Aug 23 16:07:17 2017) [sssd[be[ipa.example.com]]]
[fo_set_port_status] (0x0100): Marking port 389 of server
'ipa-lx-test-02.ipa.example.com' as 'not working' (Wed Aug 23 16:07:17
2017) [sssd[be[ipa.example.com]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'ipa-lx-test-02.ipa.example.com' as 'not
working' |
Ok, second server was found, but we ran in an timeout getting a TGT. If
i manually try to get a kerberos ticket it works, but with a long delay.
ipa-lx-test-debian9.ipa.example.com’s sssd.conf:
|[domain/ipa.example.com] cache_credentials = True
krb5_store_password_if_offline = True ipa_domain = ipa.example.com
id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname
= ipa-lx-test-debian9.ipa.example.com chpass_provider = ipa
ipa_dyndns_update = True ipa_server = _srv_,
ipa-lx-test-01.ipa.example.com ldap_tls_cacert = /etc/ipa/ca.crt
#subdomain_homedir = /home/%u fallback_homedir = /home/%u default_shell
= /bin/bash shell_fallback = /bin/bash debug_level = 10 [sssd] services
= nss, sudo, pam, ssh config_file_version = 2 domains = nbg.webtrekk.com
default_domain_suffix = example.com full_name_format = %1$s debug_level
= 10 [nss] debug_level = 10 [pam] [sudo] [autofs] [ssh] debug_level = 10
[pac] [ifp] |
So some need is help.
Michael