The /var/log/secure is saying invalid user. When I do a getent passwd $USER I can't get any user from IPA until sssd is restarted. The SSSD logs are completely empty. Below is the sssd.conf if that helps.
Also I just had a server that I fixed (by restarting sssd) break again, restarting sssd fixed it again though. sssd.conf [domain/digitalreasoning.com] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = digitalreasoning.com id_provider = ipa auth_provider = ipa access_provider = ipa ldap_tls_cacert = /etc/ipa/ca.crt ipa_hostname = client.digitalreasoning.com chpass_provider = ipa ipa_server = _srv_, server1.digitalreasoning.com dns_discovery_domain = digitalreasoning.com [sssd] services = nss, pam, ssh config_file_version = 2 domains = digitalreasoning.com [nss] [pam] [sudo] [autofs] [ssh] [pac] On 7/7/14, 2:19 PM, Jakub Hrozek wrote: > On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote: >> Hello All, >> >> Some of the services in IPA stopped responding and I restarted the >> service (as I couldn't login to the website or via ssh to any registered >> hosts). After the restart I could login to the web app, but still no >> clients. I currently can login to one client that I restarted sssd on. >> Any suggestions how to fix the rest without having to go to all of >> them to restart sssd? > Can you log in as root to the clients and check out /var/log/secure > and/or the sssd logs? > > Do your clients cache credentials? > > I suspect that when IPA went down, the clients went offline and still > haven't re-checked the online status..how long since the IPA server went > offline? > Thanks, ------------------------------------------------------------------------ John Moyer Director, IT Operations
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
