Hi,
I am getting the following from some of the client machines. I'm not sure why some of them are sending this info; otherwise my authentication and login are all working fine, but I'm concerned about why it's happening, and my log is full of the following kind of message:
Apr 28 05:58:44 server1 slapd[23003]: conn=5235 op=22 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(uidNumber=4294967295)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
Apr 28 05:58:44 server1 slapd[23003]: conn=5235 op=22 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap

Server info: CentOS release 6.6
LDAP version: openldap-2.4.40

Client info: CentOS release 6.2
Client using SSSD: sssd-1.11.6 (installed through yum)

Best regards,
Majid.
On Tue, Apr 28, 2015 at 08:52:32AM +0000, Majid Khan wrote:
> Hi,
> I am getting the following from some of the client machines. I'm not sure why some of them are sending this info; otherwise my authentication and login are all working fine, but I'm concerned about why it's happening, and my log is full of the following kind of message:
You need to enable SSSD logging (NSS responder in particular) to see which client requested this UID: https://fedorahosted.org/sssd/wiki/Troubleshooting
I suspect it's something like the nfsnobody user.
Thanks Jakub for the reply, I did that but couldn't get anything useful, only the following lines:
(Tue Apr 28 10:04:00 2015) [sssd] [service_send_ping] (0x0100): Pinging default
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_add_timeout] (0x2000): 0x62e0a0
(Tue Apr 28 10:04:00 2015) [sssd] [service_send_ping] (0x0100): Pinging nss
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_add_timeout] (0x2000): 0x62e4a0
(Tue Apr 28 10:04:00 2015) [sssd] [service_send_ping] (0x0100): Pinging pam
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_add_timeout] (0x2000): 0x62a280
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_remove_timeout] (0x2000): 0x62e0a0
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x626730
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Tue Apr 28 10:04:00 2015) [sssd] [ping_check] (0x0100): Service default replied to ping
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_remove_timeout] (0x2000): 0x62e4a0
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x62bb50
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Tue Apr 28 10:04:00 2015) [sssd] [ping_check] (0x0100): Service nss replied to ping
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_remove_timeout] (0x2000): 0x62a280
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x62ac10
(Tue Apr 28 10:04:00 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Tue Apr 28 10:04:00 2015) [sssd] [ping_check] (0x0100): Service pam replied to ping

I do have nfsnobody but the id is different and I am already filtering that user in the sssd.conf:
[daemon@a sssd]# id nfsnobody
uid=65534(nfsnobody) gid=65534(nfsnobody) groups=65534(nfsnobody)

sssd.conf:
[sssd]
config_file_version = 2
services = nss, pam
domains = default
debug_level = 9

[nss]
filter_users = abrt,avahi,adm,bin,daemon,dbus,disk,exim,ftp,games,gopher,haldaemon,halt,lp,ldap,mail,mysql,named,news,nfsnobody,nobody,nscd,ntp,operator,oprofile,qpidd,radiusd,root,rpc,rpcuser,saslauth,shutdown,sshd,sys,sync,tty,tcpdump,uucp,vcsa
filter_groups = abrt,avahi,adm,bin,daemon,dbus,disk,exim,ftp,games,gopher,haldaemon,halt,lp,ldap,mail,mysql,named,news,nfsnobody,nobody,nscd,ntp,operator,oprofile,qpidd,radiusd,root,rpc,rpcuser,saslauth,shutdown,sshd,sys,sync,tty,tcpdump,uucp,vcsa

[pam]

[domain/default]
ldap_tls_reqcert = never
auth_provider = ldap
id_provider = ldap
ldap_search_base = dc=example,dc=com
ldap_uri = ldaps://ldap1.example.com/
ldap_id_use_start_tls = TRUE
ldap_tls_cacertdir = /etc/openldap/cacerts

Any other tip to fix it?
Best regards,
Ok I enabled the debug in nss cache and getting this:
(Tue Apr 28 10:11:59 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Running command [18] with id [-1].
(Tue Apr 28 10:11:59 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Uid [4294967295] does not exist! (negative cache)
(Tue Apr 28 10:11:59 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Running command [18] with id [-1].
(Tue Apr 28 10:11:59 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Uid [4294967295] does not exist! (negative cache)
(Tue Apr 28 10:11:59 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Running command [18] with id [-1].
(Tue Apr 28 10:11:59 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Uid [4294967295] does not exist! (negative cache)
(Tue Apr 28 10:11:59 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Running command [18] with id [-1].
(Tue Apr 28 10:11:59 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Uid [4294967295] does not exist! (negative cache)
(Tue Apr 28 10:11:59 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Running command [18] with id [-1].
Hi Jakub,
Sorry for sending you the info in pieces, this is the complete log:

(Tue Apr 28 10:16:03 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Running command [18] with id [-1].
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [-1@default]
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x418850:1:-1@default]
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][4097][1][idnumber=4294967295]
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x418850:1:-1@default]
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0080): No matching domain found for [-1]
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [-1@default]
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/UID/4294967295] to negative cache
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0080): No matching domain found for [-1]
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x418850:1:-1@default]
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Running command [18] with id [-1].
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Uid [4294967295] does not exist! (negative cache)
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Running command [18] with id [-1].
(Tue Apr 28 10:16:03 2015) [sssd[nss]] [nss_cmd_getbyid] (0x0400): Uid [4294967295] does not exist! (negative cache)
On Tue, Apr 28, 2015 at 10:17:23AM +0000, Majid Khan wrote:
> Hi Jakub, Sorry for sending you the info in pieces this is the complete log:
You're looking for the get_client_cred message to see who connected to SSSD and requested the ID.
btw I just tested filter_users and filter_groups with numerical parameter and it didn't work for me. I guess it's a bug.
So is there any workaround to fix this? And does it have any impact on the LDAP server? One thing is for sure: the server is getting hit with these requests quite frequently, like every 4 secs, and we have many other client machines hitting with the same frequency.
Best regards,
On Tue, Apr 28, 2015 at 11:17:53AM +0000, Majid Khan wrote:
> So is there any workaround to fix this? And does it have any impact on the LDAP server? One thing is for sure: the server is getting hit with these requests quite frequently, like every 4 secs, and we have many other client machines hitting with the same frequency.
Ideally find out which application is requesting this ID and stop it from doing so.
Alternatively, increase the negative cache timeout. Or even limit the ID range with min_id/max_id options.
btw this is not a sssd-specific problem, except maybe the inability to set up the permanent negative cache per ID. Even if you were running nss_ldap or something else, the queries would get through.
Hi Jakub,
Thanks for the workaround. For the ID -1, I couldn't find this ID in the whole system; I have checked both passwd and group but nothing, so there is no such application running with -1 ID.
1- I increased the negative cache timeout to 5 mins, not sure of the impact of it?
2- I have defined min_id and max_id (question: is this min_id and max_id being checked at the client level by sssd, or does it go to the LDAP server and then we get the answer?)
Doing the above 2 has fixed hitting the LDAP server, which was a pain for me because of the high frequency of hits on the server from many machines.
Thanks again.
Best regards,
Majid
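Added example, not part of the original thread: a Python sketch for the LDAP server side that scans slapd log lines in the SRCH format quoted above, picks out searches for uidNumber equal to (uid_t)-1, and reports how often each client sends them. The sample log is constructed; the ACCEPT line format, the 32-bit uid_t width and all function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

UID_T_BITS = 32                      # assumption: 32-bit uid_t on the clients
INVALID_UID = (1 << UID_T_BITS) - 1  # (uid_t)-1 == 4294967295

# SRCH line in the format quoted in the thread.
SRCH_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ slapd\[\d+\]: '
    r'conn=(?P<conn>\d+) op=\d+ SRCH base="[^"]*" .*filter="(?P<filter>.*)"$')
# Assumption: slapd's usual connection-open line (IPv4 peers only here).
ACCEPT_RE = re.compile(
    r'conn=(?P<conn>\d+) fd=\d+ ACCEPT from IP=(?P<ip>[\d.]+):\d+')
UIDNUM_RE = re.compile(r'\(uidNumber=(\d+)\)')


def to_signed(value, bits=UID_T_BITS):
    """Signed view of an unsigned id, as in the thread's 'with id [-1]' lines."""
    return value - (1 << bits) if value >= 1 << (bits - 1) else value


def invalid_uid_searches(lines):
    """Return {source: [datetime, ...]} for searches on uidNumber == (uid_t)-1.

    source is the client IP if the connection's ACCEPT line was seen,
    otherwise the string 'conn=N'.
    """
    peers, hits = {}, defaultdict(list)
    for line in lines:
        line = line.rstrip("\n")
        accept = ACCEPT_RE.search(line)
        if accept:
            peers[accept.group("conn")] = accept.group("ip")
            continue
        srch = SRCH_RE.match(line)
        if not srch:
            continue                 # e.g. the "SRCH attr=..." companion line
        uids = {int(u) for u in UIDNUM_RE.findall(srch.group("filter"))}
        if INVALID_UID in uids:
            conn = srch.group("conn")
            ts = datetime.strptime(srch.group("ts"), "%b %d %H:%M:%S")
            hits[peers.get(conn, "conn=" + conn)].append(ts)
    return dict(hits)


def summarize(hits):
    """Per source: (lookup count, mean seconds between lookups or None)."""
    out = {}
    for source, stamps in hits.items():
        stamps = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        out[source] = (len(stamps), sum(gaps) / len(gaps) if gaps else None)
    return out


FILTER = ('(&(uidNumber=%d)(objectClass=posixAccount)(uid=*)'
          '(&(uidNumber=*)(!(uidNumber=0))))')


def _srch(ts, conn, op, uid):
    return ('Apr 28 %s server1 slapd[23003]: conn=%d op=%d SRCH '
            'base="dc=example,dc=com" scope=2 deref=0 filter="%s"'
            % (ts, conn, op, FILTER % uid))


SAMPLE_LOG = [  # constructed sample; 192.0.2.10 is a documentation address
    'Apr 28 05:58:40 server1 slapd[23003]: conn=5235 fd=31 ACCEPT from '
    'IP=192.0.2.10:48212 (IP=0.0.0.0:636)',
    _srch("05:58:44", 5235, 22, 4294967295),
    'Apr 28 05:58:44 server1 slapd[23003]: conn=5235 op=22 SRCH attr=uid',
    _srch("05:58:48", 5235, 23, 4294967295),
    _srch("05:58:50", 5301, 3, 1001),          # ordinary lookup, ignored
    _srch("05:58:52", 5235, 24, 4294967295),
    _srch("05:58:53", 5302, 7, 4294967295),    # ACCEPT outside the log window
]

if __name__ == "__main__":
    for source, (count, gap) in summarize(invalid_uid_searches(SAMPLE_LOG)).items():
        print(source, count, gap, "id as signed:", to_signed(INVALID_UID))
```

The result identifies the client host behind each connection; which process on that host asked for the ID still has to come from the SSSD NSS responder log on the client, as described in the thread.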