On Tue, 2014-01-07 at 07:48 +0200, Alexander Bokovoy wrote:
> On Fri, 03 Jan 2014, Simo Sorce wrote:
> >On Fri, 2014-01-03 at 12:29 +0100, Jakub Hrozek wrote:
> >> On Thu, Jan 02, 2014 at 08:06:31PM +0000, Andrew Holway wrote:
> >> > /var/log/sssd/*
> >> > this is using bob@host (prattle.com is the windows domain)
> >> > https://gist.github.com/anonymous/ff817a251948ff58bdb1
> >> >
> >> > this is using b...@prattle.com@host (prattle.com is the windows domain)
> >>
> >> Thanks, these logs have somewhat more info than those in the other
> >> thread.
> >>
> >> It seems that Winbind on the IPA server has trouble talking to the AD
> >> server:
> >>
> >> (Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] [fo_set_port_status]
> >> (0x0100): Marking port 0 of server 'ipa.wibble.com' as 'working'
> >> (Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]]
> >> [set_server_common_status] (0x0100): Marking server 'ipa.wibble.com' as
> >> 'working'
> >> (Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] [ipa_s2n_get_user_done]
> >> (0x0040): s2n exop request failed.
> >>
> >> (The s2n exop does a special LDAP call to IPA which in turn calls
> >> winbind on the server).
> >>
> >> To generate the winbind logs on the server, can you do 'smbcontrol winbindd
> >> debug 100', then request the trusted user. The winbind logs would be at
> >> /var/log/samba/log.w*
> >
> >Don't use debug level 100, it will litter the tmp with packet dumps and
> >[possibly fill the disk.
> >
> >Log level 10 is the max that is ever useful.
> No, you are not right.
> 
> It looks in this case that there are some unfinished async tasks
> associated with the outgoing socket and they prevent cli_negprot from
> starting. On debug level 100 we see content of the packets sent by
> smbd/winbindd in the log itself which will help to identify what
> happens. On debug level 10 we simply have two lines in succession
> telling that winbindd attempted to start cli_negprot and then failed it.

Yes it is ok to ask for 100 in specific cases if you find out it is
really needed, but shouldn't normally be advised, the starting point is
level 10, imo.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to