hi all,
we have a bunch of RHEL84 sssd client for our ipa setup (also based on
RHEL84), and we are seeing auth failures due to "dereference processing
failed [110]: Connection timed out"
does anyone have any idea where these might come from and what
service/logfile on the ipa server is should check to investiagte the
source of this?
it looks sporadic/not trivial to reproduce, any help to debug this is
welcome.
many thanks,
stijn
(2021-12-15 9:56:09): [be[mydomain]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900
(2021-12-15 9:56:09): [be[mydomain]] [sasl_bind_send] (0x0100): Executing sasl
bind mech: GSSAPI, user: host/myhost.mydomain
(2021-12-15 9:56:10): [be[mydomain]] [child_sig_handler] (0x0100): child
[990692] finished successfully.
(2021-12-15 9:56:10): [be[mydomain]] [fo_set_port_status] (0x0100): Marking
port 0 of server 'ipaserver1' as 'working'
(2021-12-15 9:56:10): [be[mydomain]] [set_server_common_status] (0x0100):
Marking server 'ipaserver1' as 'working'
(2021-12-15 9:56:16): [be[mydomain]] [generic_ext_search_handler] (0x0040):
sdap_get_generic_ext_recv failed [110]: Connection timed out
(2021-12-15 9:56:16): [be[mydomain]] [sdap_deref_search_done] (0x0040):
dereference processing failed [110]: Connection timed out
(2021-12-15 9:56:16): [be[mydomain]] [sdap_nested_group_deref_direct_done]
(0x0020): Error processing direct membership [110]: Connection timed out
(2021-12-15 9:56:16): [be[mydomain]] [sdap_nested_done] (0x0020): Nested group
processing failed: [110][Connection timed out]
(2021-12-15 9:56:16): [be[mydomain]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(2021-12-15 9:56:16): [be[mydomain]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of 'ipaserver2' in files
(2021-12-15 9:56:16): [be[mydomain]] [set_server_common_status] (0x0100):
Marking server 'ipaserver2' as 'resolving name'
(2021-12-15 9:56:16): [be[mydomain]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'ipaserver2' in files
(2021-12-15 9:56:16): [be[mydomain]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'ipaserver2' in DNS
(2021-12-15 9:56:16): [be[mydomain]] [set_server_common_status] (0x0100):
Marking server 'ipaserver2' as 'name resolved'
(2021-12-15 9:56:16): [be[mydomain]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(2021-12-15 9:56:16): [be[mydomain]] [generic_ext_search_handler] (0x0040):
sdap_get_generic_ext_recv failed [110]: Connection timed out
(2021-12-15 9:56:16): [be[mydomain]] [sdap_deref_search_done] (0x0040):
dereference processing failed [110]: Connection timed out
(2021-12-15 9:56:16): [be[mydomain]] [sdap_nested_group_deref_direct_done]
(0x0020): Error processing direct membership [110]: Connection timed out
(2021-12-15 9:56:16): [be[mydomain]] [sdap_nested_done] (0x0020): Nested group
processing failed: [110][Connection timed out]
(2021-12-15 9:56:16): [be[mydomain]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900
(2021-12-15 9:56:16): [be[mydomain]] [sasl_bind_send] (0x0100): Executing sasl
bind mech: GSSAPI, user: host/myhost.mydomain
(2021-12-15 9:56:16): [be[mydomain]] [child_sig_handler] (0x0100): child
[990708] finished successfully.
(2021-12-15 9:56:16): [be[mydomain]] [fo_set_port_status] (0x0100): Marking
port 0 of server 'ipaserver2' as 'working'
(2021-12-15 9:56:16): [be[mydomain]] [set_server_common_status] (0x0100):
Marking server 'ipaserver2' as 'working'
(2021-12-15 9:56:17): [be[mydomain]] [child_sig_handler] (0x0100): child
[990709] finished successfully.
(2021-12-15 9:56:17): [be[mydomain]] [dp_pam_handler_send] (0x0100): Got
request with the following data
(2021-12-15 9:56:17): [be[mydomain]] [pam_print_data] (0x0100): command:
SSS_PAM_OPEN_SESSION
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure