The /var/log/secure is saying invalid user.   When I do a getent passwd
$USER I can't get any user from IPA until sssd is restarted.  The SSSD
logs are completely empty.   Below is the sssd.conf if that helps. 

Also I just had a server that I fixed (by restarting sssd) break again,
restarting sssd fixed it again though. 


cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain =
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname =
chpass_provider = ipa
ipa_server = _srv_,
dns_discovery_domain =
services = nss, pam, ssh
config_file_version = 2

domains =






On 7/7/14, 2:19 PM, Jakub Hrozek wrote:
> On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote:
>> Hello All,
>>     Some of the services in IPA stopped responding and I restarted the
>> service (as I couldn't login to the website or via ssh to any registered
>> hosts).   After the restart I could login to the web app, but still no
>> clients.   I currently can login to one client that I restarted sssd on.
>>   Any suggestions how to fix the rest without having to go to all of
>> them to restart sssd?  
> Can you log in as root to the clients and check out /var/log/secure
> and/or the sssd logs?
> Do your clients cache credentials?
> I suspect that when IPA went down, the clients went offline and still
> haven't re-checked the online long since the IPA server went
> offline?

John Moyer
Director, IT Operations

Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to