On Tue, July 24, 2012 20:29, Simo Sorce wrote: > On Tue, 2012-07-24 at 10:22 +0200, Sigbjorn Lie wrote: > >> Hi, >> >> >> I keep seing this error message in our production environment "Request is a >> replay" in variuos >> services using kerberos like ssh, sssd, automounter, squid +++ after the >> upgrade to RHEL 6.3 / >> IPA >> 2.2. >> >> >> >> Jul 24 10:16:11 server027 sssd_be: GSSAPI Error: Unspecified GSS failure. >> Minor code may >> provide more information (Request is a replay) >> >> Seaching google seem to suggest that this is an error with time. However we >> have NTP configured >> (IPA servers as NTP servers) which is synchronized to external NTP servers. >> There has been no >> issue before, and I cannot find issue with the time being out of sync on the >> machines where this >> is happening. > > This error usually appears only when a same request is found in the > replay cache. It shouldn't be related to time issues, in that case you > usually get clock-skew. > > Can you tell me what operation was being performed by sssd when you > caught that error ? Can you check if immediately before another identical > operation had been > performed ? >
Unfortunately no, I believe I was doing an "ls -l" on a nfs drive where sssd had to look up some uids, or a "ps -ef" where sssd also had to look up some uids or something related. I am unable to recreate the error with any specific commands, it's occuring randomly. Mind you, it's occuring to all kerberos based services, not just sssd. Rgds, Siggi _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
