On Wed, Sep 19, 2018 at 02:04:28PM +0200, Harald Dunkel via FreeIPA-users wrote: > Hi folks, > > I read somewhere that it is not recommended to run nscd to cache > passwd on ipa clients, but I wonder: What if?
It's not technically impossible, but you'd get one more caching layer, so the setup would be less predictable, e.g. knowing where did a NSS reply come from is more complex, it could be from nscd, it could be from sssd, ... > > I still have the problem that sometimes some sssd components > disappear somehow, e.g. sssd_pam. The logfile on our mail gateway > said > > : > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called > with result [0]: Success. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): > [pam_response_filter] not available, not fatal. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 74 > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply > error. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called > with result [4]: System error. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): > [pam_response_filter] not available, not fatal. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply > error. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called > with result [4]: System error. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): > [pam_response_filter] not available, not fatal. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): > Client already disconnected > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): > Client already disconnected > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0020): Performing > auto-reconnect > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. > (Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. This indicated a crash in sssd_be...I don't know Debian almost at all, but I would check the syslog for evidence.. > : > : > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_dom_forwarder] (0x0100): > pam_dp_send_req returned 11 > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called > with result [4]: System error. > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [filter_responses] (0x0100): > [pam_response_filter] not available, not fatal. > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26 > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [client_recv] (0x0200): Client > disconnected! > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is > reconnecting. Deferring. > : > : > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_reconnect] (0x0080): Making > reconnection attempt 1 to > [unix:path=/var/lib/sss/pipes/private/sbus-dp_aixigo.de] > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected > to [unix:path=/var/lib/sss/pipes/private/sbus-dp_aixigo.de] > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_conn_register_path] (0x0400): > Registering object path /org/freedesktop/sssd/responder with D-Bus connection > (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): > Reconnected to the Data Provider. > : > > Some EMails were bounced with user unknown at the same time, so I would > guess there is a coincidence. Question is, could nscd be an option here, > providing an additional cache for user accounts? What side effects could > come up? > > Platform is Debian 9, sssd is version 1.16.2, nscd version 2.24. > > > Every helpful comment is highly appreciated. > Regards > Harri > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
