On Mon, Jul 07, 2014 at 04:09:24PM -0300, Bruno Henrique Barbosa wrote:
> I can confirm this, I usually run through this after a power outage on my
> datacenter... Suddenly my /var/log/secure starts saying invalid user (7) to
> SSH attempts, SSSD logs empty, and I have to logon and restart sssd on every
> VM manually.

Hello Bruno, see my reply to John, if you can capture the sssd logs, that
would be very welcome in tracking down the problem.

>
> ----- Original message -----
>
> From: "John Moyer" <john.mo...@digitalreasoning.com>
> To: "Jakub Hrozek" <jhro...@redhat.com>, freeipa-users@redhat.com
> Sent: Monday, July 7, 2014 15:56:18
> Subject: Re: [Freeipa-users] IPA Service Restart causes clients to stop
> working
>
> The /var/log/secure is saying invalid user. When I do a getent passwd $USER I
> can't get any user from IPA until sssd is restarted. The SSSD logs are
> completely empty. Below is the sssd.conf if that helps.
>
> Also I just had a server that I fixed (by restarting sssd) break again,
> restarting sssd fixed it again though.
>
> sssd.conf
> [domain/digitalreasoning.com]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = digitalreasoning.com
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ldap_tls_cacert = /etc/ipa/ca.crt
> ipa_hostname = client.digitalreasoning.com
> chpass_provider = ipa
> ipa_server = _srv_, server1.digitalreasoning.com
> dns_discovery_domain = digitalreasoning.com
> [sssd]
> services = nss, pam, ssh
> config_file_version = 2
>
> domains = digitalreasoning.com
> [nss]
>
> [pam]
>
> [sudo]
>
> [autofs]
>
> [ssh]
>
> [pac]
>
> On 7/7/14, 2:19 PM, Jakub Hrozek wrote:
>
> On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote:
> <blockquote>
> Hello All,
>
> Some of the services in IPA stopped responding and I restarted the
> service (as I couldn't login to the website or via ssh to any registered
> hosts). After the restart I could login to the web app, but still no
> clients. I currently can login to one client that I restarted sssd on.
> Any suggestions how to fix the rest without having to go to all of
> them to restart sssd?
>
> Can you log in as root to the clients and check out /var/log/secure
> and/or the sssd logs?
>
> Do your clients cache credentials?
>
> I suspect that when IPA went down, the clients went offline and still
> haven't re-checked the online status... how long since the IPA server went
> offline?
> </blockquote>
>
> Thanks,
>
> John Moyer
> Director, IT Operations
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project