Sorry, I wasn't clear at all.

Running the "ipa" command terminates my session. I can log in just fine. All the IPA services appear to be working. But no interaction via the command line is possible; it all ends with terminated sessions after about a 5 second pause:

[ipamaster]# ipa help

Connection to ipamaster closed.

[desktop]$


On 02/21/2014 01:27 PM, Jakub Hrozek wrote:
On Fri, Feb 21, 2014 at 01:15:52PM -0500, Bret Wortman wrote:
I'm getting ready to leave for the weekend, and this isn't the kind
of thing I want to track down on a Friday, but if anyone has any
ideas for things I should look at come Monday morning, I'd be very
appreciative.

I've got a system with 12 replicas, and no matter which IPA server I
log into and try to run "ipa" CLI commands on (even "ipa help"), I
get my session terminated. I also tried from a client system that
has the ipatools rpm installed, and in that case I got bounced out
of my sudo'd root session.
I'm not sure I understand, does the login itself fail or do you log in
fine, but running 'ipa' kicks you out? Does login as root (or a local,
non-ipa user) work?

I need to figure this out because something's obviously amiss, and
we have discovered a number of systems that are lacking Kerberos
keys. I was hoping the CLI would provide the mechanism to get them
fixed. We're also trying to track down a 6-10 second delay every
time a user logs in using SSSD to authenticate; the password check
passes almost instantly, but something is taking up an additional
bunch of time and my users are starting to complain. So I need to
get past this so I can debug that.
What SSSD version is this? Can we see the logs to take a look where the
delay is?

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to