I can confirm this, I usually run through this after a power outage on my datacenter... Suddenly my /var/log/secure starts saying invalid user (7) to SSH attempts, SSSD logs empty, and I have to logon and restart sssd on every VM manually.
----- Mensagem original ----- De: "John Moyer" <john.mo...@digitalreasoning.com> Para: "Jakub Hrozek" <jhro...@redhat.com>, firstname.lastname@example.org Enviadas: Segunda-feira, 7 de julho de 2014 15:56:18 Assunto: Re: [Freeipa-users] IPA Service Restart causes clients to stop working The /var/log/secure is saying invalid user. When I do a getent passwd $USER I can't get any user from IPA until sssd is restarted. The SSSD logs are completely empty. Below is the sssd.conf if that helps. Also I just had a server that I fixed (by restarting sssd) break again, restarting sssd fixed it again though. sssd.conf [domain/digitalreasoning.com] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = digitalreasoning.com id_provider = ipa auth_provider = ipa access_provider = ipa ldap_tls_cacert = /etc/ipa/ca.crt ipa_hostname = client.digitalreasoning.com chpass_provider = ipa ipa_server = _srv_, server1.digitalreasoning.com dns_discovery_domain = digitalreasoning.com [sssd] services = nss, pam, ssh config_file_version = 2 domains = digitalreasoning.com [nss] [pam] [sudo] [autofs] [ssh] [pac] On 7/7/14, 2:19 PM, Jakub Hrozek wrote: On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote: <blockquote> Hello All, Some of the services in IPA stopped responding and I restarted the service (as I couldn't login to the website or via ssh to any registered hosts). After the restart I could login to the web app, but still no clients. I currently can login to one client that I restarted sssd on. Any suggestions how to fix the rest without having to go to all of them to restart sssd? Can you log in as root to the clients and check out /var/log/secure and/or the sssd logs? Do your clients cache credentials? I suspect that when IPA went down, the clients went offline and still haven't re-checked the online status..how long since the IPA server went offline? </blockquote> Thanks, John Moyer Director, IT Operations -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project