Hi Team,
We are using sssd with FreeIPA. Whenever we add a new server in FreeIPA, it does not get reflected to clients. We have implemented the cache refresh intervals as well. However, in some use cases, the issue only gets resolved when we delete /var/lib/sssd/db/* and restart the sssd service.
Is there any config setting for the same which does a full refresh of the DB?
Currently, below is the sssd config:
enumerate = False
entry_cache_timeout = 60
refresh_expired_interval = 30
entry_cache_sudo_timeout = 60
entry_cache_netgroup_timeout = 60
ldap_enumeration_refresh_timeout = 60
ldap_purge_cache_timeout = 60
ldap_sudo_smart_refresh_interval = 60
cache_credentials = false
*Best Regards,*
*__________________________________________*
*Yogesh Sharma* *Email: yks0000@gmail.com | Web: www.initd.in*
*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*
https://www.fb.com/yks0000 http://in.linkedin.com/in/yks0000 https://twitter.com/checkwithyogesh http://google.com/+YogeshSharmaOnGooglePlus
On Mon, Sep 14, 2015 at 08:04:58PM +0530, Yogesh Sharma wrote:
> Hi Team,
> We are using sssd with FreeIPA. Whenever we add a new server in FreeIPA, it does not get reflected to clients.
Can you be more specific in describing the issue? Are you adding a new replica, but the clients do not connect to it?
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi Jakub,
When we add new users to the existing IPA server, ideally they should get reflected to all the hosts (client) which are registered with the IPA server. However, it is not happening until we manually restart sssd after clearing the existing files from /var/lib/sssd/db.
We have implemented the sssd cache as well. However, it seems to be working for existing users.
On Tue, Sep 15, 2015 at 03:56:46PM +0530, Yogesh Sharma wrote:
> Hi Jakub,
> When we add new users to the existing IPA server, ideally they should get reflected to all the hosts (client) which are registered with the IPA server. However, it is not happening until we manually restart sssd after clearing the existing files from /var/lib/sssd/db.

That doesn't sound right, did you already inspect the logs?
Yes, I did that. However, thanks for sharing the link, will go through it if any related error.
Hi Jakub,
As per this URL, https://fedorahosted.org/sssd/wiki/Troubleshooting
I am getting below error (Point 4) in sssd_nss.log.
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [ys7673].
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'ys7673' matched without domain, user is ys7673
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [ys7673] from [<ALL>]
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [ys7673@klikpay.int]
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x41c240:1:ys7673@klikpay.int]
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [klikpay.int][4097][1][name=ys7673]
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x41c240:1:ys7673@klikpay.int]
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Fast reply - offline
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 1, 11, Fast reply - offline Will try to return what we have in cache
(Fri Sep 18 13:33:53 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x41c240:1:ys7673@klikpay.int]
On (18/09/15 14:23), Yogesh Sharma wrote:
> Hi Jakub,
> As per this URL, https://fedorahosted.org/sssd/wiki/Troubleshooting
> I am getting below error (Point 4) in sssd_nss.log.
SSSD was in offline mode and therefore it did not try to contact LDAP server. It would be good to see a log file from domain why sssd went to offline.
LS
Hi,
I am sorry, I did capture it but forgot to send.
Apart from the SSSD issue of going into offline mode, I have a few other concerns:
1. I have explicitly defined the below values in sssd, though SSSD is taking other values.
My Values:
ldap_sudo_smart_refresh_interval = 60
ldap_enumeration_refresh_timeout = 60
ldap_purge_cache_timeout = 60
SSSD Domain Logs:
(Fri Sep 18 13:49:33 2015) [sssd[be[klikpay.int]]] [dp_get_options] (0x0400): Option ldap_sudo_smart_refresh_interval has value 900
(Fri Sep 18 13:49:33 2015) [sssd[be[klikpay.int]]] [dp_get_options] (0x0400): Option ldap_enumeration_refresh_timeout has value 300
(Fri Sep 18 13:49:33 2015) [sssd[be[klikpay.int]]] [dp_get_options] (0x0400): Option ldap_purge_cache_timeout has value 3600
*Logs related to sssd Offline Mode:*
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-01.klikpay.int' is 'name resolved'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-01.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-02.klikpay.int' is 'name resolved'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-02.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-01.klikpay.int' is 'name resolved'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 0 for server 'ipa-inf-prd-ng2-01.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)] was created
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 88 seconds from now [1442564474]
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [ipa_subdomains_get_conn_done] (0x0080): No IPA server is available, cannot get the subdomain list while offline
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_subdomains_callback] (0x0400): Backend returned: (1, 11, <NULL>) [Provider is Offline (Have exhausted maximum number of retries for service)]
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [sdap_sudo_periodical_first_refresh_done] (0x0040): Periodical full refresh of sudo rules failed [dp_error: 1] ([11]: Resource temporarily unavailable)
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [sdap_sudo_periodical_first_refresh_done] (0x0400): Data provider is offline. Scheduling another full refresh in 2 minutes.
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [sdap_sudo_schedule_refresh] (0x0400): Full refresh scheduled at: 1442564506
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-01.klikpay.int' is 'name resolved'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-01.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-02.klikpay.int' is 'name resolved'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-02.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-01.klikpay.int' is 'name resolved'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 0 for server 'ipa-inf-prd-ng2-01.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_ptask_enable] (0x0080): Task [Check if online (periodic)]: already enabled
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [ipa_subdomains_get_conn_done] (0x0080): No IPA server is available, cannot get the subdomain list while offline
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_subdomains_callback] (0x0400): Backend returned: (1, 11, <NULL>) [Provider is Offline (Have exhausted maximum number of retries for service)]
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-01.klikpay.int' is 'name resolved'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-01.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-02.klikpay.int' is 'name resolved'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-02.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-01.klikpay.int' is 'name resolved'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 0 for server 'ipa-inf-prd-ng2-01.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_ptask_enable] (0x0080): Task [Check if online (periodic)]: already enabled
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [ipa_subdomains_get_conn_done] (0x0080): No IPA server is available, cannot get the subdomain list while offline
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_subdomains_callback] (0x0400): Backend returned: (1, 11, <NULL>) [Provider is Offline (Have exhausted maximum number of retries for service)]
I have sent full logs to you in a separate email, if that helps.
On Sat, Sep 19, 2015 at 03:15:56PM +0530, Yogesh Sharma wrote:
> Hi,
> I am sorry, I did capture it but forgot to send.
> Apart from the SSSD issue of going into offline mode, I have a few other concerns:
> - I have explicitly defined the below values in sssd, though SSSD is taking other values.
> My Values:
> ldap_sudo_smart_refresh_interval = 60
> ldap_enumeration_refresh_timeout = 60
> ldap_purge_cache_timeout = 60

Are you sure you put them into the right section? Feel free to send the complete config file.

> SSSD Domain Logs:
> (Fri Sep 18 13:49:33 2015) [sssd[be[klikpay.int]]] [dp_get_options] (0x0400): Option ldap_sudo_smart_refresh_interval has value 900
> (Fri Sep 18 13:49:33 2015) [sssd[be[klikpay.int]]] [dp_get_options] (0x0400): Option ldap_enumeration_refresh_timeout has value 300
> (Fri Sep 18 13:49:33 2015) [sssd[be[klikpay.int]]] [dp_get_options] (0x0400): Option ldap_purge_cache_timeout has value 3600
> *Logs related to sssd Offline Mode:*
> (Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-01.klikpay.int' is 'name resolved'
> (Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-01.klikpay.int' is 'not working'
> (Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_server_status] (0x1000): Status of server 'ipa-inf-prd-ng2-02.klikpay.int' is 'name resolved'
> (Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-02.klikpay.int' is 'not working'

Sorry, I think I still need a bit more context. Here the server is already not working, we need to find out the spot where it was marked as wrong (older version's logging was somewhat poor in this respect..)
But off-bat, I'd check if you can search the ldap server using the same authentication (keytab I guess?) as SSSD uses.
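
Added example, not part of the thread or of SSSD's own tooling: the two checks asked for in the reply above, run over debug lines copied from the messages in this thread. It compares the values logged by `dp_get_options` with an sssd.conf, and finds the first `going offline` line together with the server ports marked 'not working' before it; `SAMPLE_CONF` is constructed (it is not the poster's file) and the function names are this example's own.

```python
import configparser
import re

# Layout of the debug lines quoted in this thread:
# (timestamp) [process] [function] (debug level): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>sssd\S*)\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-f]+)\): (?P<msg>.*)$"
)
OPTION_RE = re.compile(r"^Option (\S+) has value (.+)$")
PORT_RE = re.compile(r"^Port status of port (\d+) for server '([^']+)' is '([^']+)'$")

# Debug lines copied from the messages above.
SAMPLE_LOG = """\
(Fri Sep 18 13:49:33 2015) [sssd[be[klikpay.int]]] [dp_get_options] (0x0400): Option ldap_sudo_smart_refresh_interval has value 900
(Fri Sep 18 13:49:33 2015) [sssd[be[klikpay.int]]] [dp_get_options] (0x0400): Option ldap_enumeration_refresh_timeout has value 300
(Fri Sep 18 13:49:33 2015) [sssd[be[klikpay.int]]] [dp_get_options] (0x0400): Option ldap_purge_cache_timeout has value 3600
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-01.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [get_port_status] (0x1000): Port status of port 389 for server 'ipa-inf-prd-ng2-02.klikpay.int' is 'not working'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Fri Sep 18 13:49:46 2015) [sssd[be[klikpay.int]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
"""

# Constructed sssd.conf, NOT the poster's file: two timers sit outside the
# domain section and one sits inside it with a value the log does not show.
SAMPLE_CONF = """\
[sssd]
services = nss, pam, sudo
domains = klikpay.int
ldap_sudo_smart_refresh_interval = 60
ldap_enumeration_refresh_timeout = 60

[domain/klikpay.int]
id_provider = ipa
ldap_purge_cache_timeout = 60
"""


def parse_log(text):
    """Return one dict per well-formed debug line; anything else is skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def effective_options(entries):
    """Option values the backend logged through dp_get_options."""
    found = {}
    for e in entries:
        m = OPTION_RE.match(e["msg"]) if e["func"] == "dp_get_options" else None
        if m:
            found[m.group(1)] = m.group(2)
    return found


def option_mismatches(conf_text, domain, entries):
    """Compare logged values with the config; return (option, logged, finding)."""
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    conf.read_string(conf_text)
    wanted = f"domain/{domain}"
    report = []
    for name, logged in sorted(effective_options(entries).items()):
        if conf.has_option(wanted, name):
            configured = conf.get(wanted, name)
            if configured != logged:
                report.append((name, logged, f"[{wanted}] has {configured}"))
            continue
        # Not in the domain section: report where else the option was written.
        others = [s for s in conf.sections() if conf.has_option(s, name)]
        if others:
            report.append((name, logged, f"set only in [{others[0]}]"))
    return report


def offline_summary(entries):
    """First 'going offline' line and the ports marked 'not working' before it."""
    bad_ports = []
    for e in entries:
        m = PORT_RE.match(e["msg"])
        if m and m.group(3) == "not working":
            pair = (m.group(2), int(m.group(1)))
            if pair not in bad_ports:
                bad_ports.append(pair)
        if "going offline" in e["msg"]:
            return {"when": e["ts"], "func": e["func"], "ports": bad_ports}
    return None


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for row in option_mismatches(SAMPLE_CONF, "klikpay.int", log):
        print("option mismatch:", row)
    print("offline:", offline_summary(log))
```

On a real client the same functions can be fed the text of /etc/sssd/sssd.conf and of the domain log under /var/log/sssd/.
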
Regarding custom values, they are in the domain tab. Is it correct, or should they be in the sudo tab?
On server offline issue, I am checking as suggested. Full log has been sent.
-Yogesh Sharma
I have troubleshooted it. Unable to replicate the issue again. Is there any suggestion of a possible cause? I saw the IPA server took long to respond, as ipactl status took almost 3-4 mins to provide status.
On Wed, Sep 23, 2015 at 12:05:54AM +0530, Yogesh Sharma wrote:
> I have troubleshooted it. Unable to replicate the issue again. Is there any suggestion of a possible cause? I saw the IPA server took long to respond, as ipactl status took almost 3-4 mins to provide status.

I would start then by looking at DNS logs and dirsrv logs.
On 18 Sep 2015, at 10:53, Yogesh Sharma yks0000@gmail.com wrote:
> Hi Jakub,
> As per this URL, https://fedorahosted.org/sssd/wiki/Troubleshooting
> I am getting below error (Point 4) in sssd_nss.log.

As the Step 4 in the troubleshooting says, you need to continue investigating the domain logs.