From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White
Sent: Tuesday, October 28, 2014 1:28 PM
To: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getent passwd / group [SOLVED]

From: Dmitri Pal [mailto:d...@redhat.com]
Sent: Tuesday, October 28, 2014 10:04 AM
To: Craig White; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getent passwd / group

On 10/28/2014 12:11 PM, Craig White wrote:
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
Sent: Monday, October 27, 2014 5:32 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getent passwd / group

On 10/27/2014 07:38 PM, Craig White wrote:
RHEL 6.5 - new install
ipa-server-3.0.0-42.el6.x86_64
389-ds-base-1.2.11.15-47.el6.x86_64

On the master, I get nothing

[root@ipa001 log]# getent passwd admin
[root@ipa001 log]#

But it works on the replica as expected

[root@ipa002nadev01 ~]# getent passwd admin
admin:*:1140000000:1110000000:Administrator:/home/admin:/bin/bash

I am used to using PADL / NSSWITCH with OpenLDAP and I am rather surprised that 
on both, 'getent passwd' and 'getent group' return only entries from local 
files but then again, I've never used sssd before.

REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Then we need SSSD logs with the debug_level in the right sections as Jakub 
mentioned in his mail.
----
Sorry - I had a long meeting and should have noted that after restarting SSSD, 
it all started working again as expected. Clearly something I have to watch for 
and indeed, I moved the debug to the domain section for future.

I should add - came to the realization that restarting sssd and went to long 
meeting, then came back and couldn't log into ipa console or Kerberos and had 
to restart IPA service to restart Kerberos.

IPA is logging nothing.

This is not the first time I have had to go through this cycle - it seems that 
somehow, the IPA server is sensitive to the SSSD daemon and if the SSSD goes 
haywire, when I restart SSSD, IPA is not functioning and must be restarted too.

Thanks

Craig