Carl E. Ma wrote:
> Thanks for all your responses! Yes, the GSS proxy is not available on
> RHEL-6. For the time being, we can live with krb5_renewable_lifetime =
> 365d.
> 
> For my own curiosity, what kind of debugging tips or recommendations
> are included in BZ - https://bugzilla.redhat.com/show_bug.cgi?id=846109,
> which I can't access with a regular Redhat Bugzilla account?
> 
> Thanks a lot,
> 

Probably the easiest way to get more information about where
the problem is occurring is to get an autofs debug log during
the test procedure.

I see you already have LOGGING="debug" in your autofs
configuration so all that needs to be done is ensure syslog
is sending daemon level log messages to the log. I usually
just add a line like:

daemon.*                   /var/log/daemon

to the syslog configuration. I always "touch /var/log/daemon"
before restarting syslog as a matter of habit. I don't know if
rsyslog will create the log file if it doesn't already exist.

Basically, if we don't see a second mount request in the log
at all then the issue is occurring before the login process is
attempting to access the home directory. If we do see such a
request then we may be able to see where autofs blocks (if it
does block) such as when calling mount(8) (although more likely
mount.nfs(8)).

rob

> carl
> 
> 
> From: Rob Crittenden <rcritten redhat com>
> To: dpal redhat com, freeipa-users redhat com
> Subject: Re: [Freeipa-users] weird behavior on centos 6
> Date: Thu, 15 May 2014 09:46:28 -0400
> 
> Dmitri Pal wrote:
> 
>     On 05/14/2014 06:12 PM, Carl E. Ma wrote:
> 
>         Hello,
> 
>         Recently I realized our centos 6 freeipa clients hang randomly. With
>         some research, the issue is related to an autofs bug, which was mentioned
>         a year ago - Automount fails for IPA user when kerberos ticket is
>         expired, ssh hangs (https://fedorahosted.org/freeipa/ticket/2980).
>         This ticket was closed with comment - "closed defect: invalid".
> 
>         My workaround is extending ticket_lifetime to 24h and renew_lifetime
>         to 365d. I wonder whether there is a better solution or some insights into
>         this bug.
> 
>         Thanks,
> 
>         carl
> 
> 
>     Read about GSS proxy.
> 
> 
> I don't believe gss-proxy is available for RHEL-6 and backporting is
> unlikely.
> 
> 
> The ticket is closed but the associated BZ is still open,
> https://bugzilla.redhat.com/show_bug.cgi?id=846109 and has some
> debugging tips and other recommendations.
> 
> 
> rob
> 
> 
> 
> 

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
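
Added example, not part of the original thread: a small shell helper that applies the check described in the reply above to a daemon log, reporting how many mount requests were logged for a home directory and how far the last one got. The log lines are constructed, and the message patterns ("attempting to mount entry", "calling mount", "mounted") are assumed from typical autofs debug output; adjust them to what your log shows.

```shell
#!/bin/sh
# Added example. Host names, PIDs and mount options are constructed.

# Constructed sample: the first login mounts fine, the second request
# is logged but never completes after automount calls mount(8).
sample_log() {
cat <<'EOF'
May 15 09:00:01 client automount[1200]: attempting to mount entry /home/carl
May 15 09:00:01 client automount[1200]: mount(nfs): calling mount -t nfs4 -s -o sec=krb5 nfs.example.com:/home/carl /home/carl
May 15 09:00:02 client automount[1200]: mounted /home/carl
May 15 09:10:05 client automount[1200]: expired /home/carl
May 16 10:30:00 client automount[1200]: attempting to mount entry /home/carl
May 16 10:30:00 client automount[1200]: mount(nfs): calling mount -t nfs4 -s -o sec=krb5 nfs.example.com:/home/carl /home/carl
EOF
}

# classify_requests PATH < logfile
# Prints "<count> <state>", where <count> is the number of mount requests
# seen for PATH and <state> describes the last one:
#   none       no mount request logged (problem is before the home access)
#   requested  request seen, mount(8) not called yet
#   in-mount   mount(8) called, no completion logged (possible block)
#   mounted    mount completed
classify_requests() {
    awk -v p="$1" '
        index($0, "attempting to mount entry " p) && $NF == p {
            n++; s = "requested"; next
        }
        n && /calling mount / && $NF == p { s = "in-mount"; next }
        n && / mounted / && $NF == p      { s = "mounted" }
        END { print n + 0, (n ? s : "none") }
    '
}

# Against a real log: classify_requests /home/carl < /var/log/daemon
sample_log | classify_requests /home/carl
```
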
