Craig White wrote:
> *From:*Dmitri Pal [mailto:d...@redhat.com]
> *Sent:* Tuesday, October 28, 2014 5:10 PM
> *To:* Craig White; freeipa-users@redhat.com
> *Subject:* Re: [Freeipa-users] getent passwd / group [SOLVED]
> 
>  
> 
> On 10/28/2014 04:41 PM, Craig White wrote:
> 
>     *From:*freeipa-users-boun...@redhat.com
>     <mailto:freeipa-users-boun...@redhat.com>
>     [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Craig White
>     *Sent:* Tuesday, October 28, 2014 1:28 PM
>     *To:* d...@redhat.com <mailto:d...@redhat.com>;
>     freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>
>     *Subject:* Re: [Freeipa-users] getent passwd / group [SOLVED]
> 
>      
> 
>     *From:*Dmitri Pal [mailto:d...@redhat.com]
>     *Sent:* Tuesday, October 28, 2014 10:04 AM
>     *To:* Craig White; freeipa-users@redhat.com
>     <mailto:freeipa-users@redhat.com>
>     *Subject:* Re: [Freeipa-users] getent passwd / group
> 
>      
> 
>     On 10/28/2014 12:11 PM, Craig White wrote:
> 
>         *From:*freeipa-users-boun...@redhat.com
>         <mailto:freeipa-users-boun...@redhat.com>
>         [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal
>         *Sent:* Monday, October 27, 2014 5:32 PM
>         *To:* freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>
>         *Subject:* Re: [Freeipa-users] getent passwd / group
> 
>          
> 
>         On 10/27/2014 07:38 PM, Craig White wrote:
> 
>             RHEL 6.5 – new install
> 
>             ipa-server-3.0.0-42.el6.x86_64
> 
>             389-ds-base-1.2.11.15-47.el6.x86_64
> 
>              
> 
>             On the master, I get nothing
> 
>              
> 
>             [root@ipa001 log]# getent passwd admin
> 
>             [root@ipa001 log]#
> 
>              
> 
>             But it works on the replica as expected
> 
>              
> 
>             [root@ipa002nadev01 ~]# getent passwd admin
> 
>             admin:*:1140000000:1110000000:Administrator:/home/admin:/bin/bash
> 
>              
> 
>             I am used to using PADL / NSSWITCH with OpenLDAP and I am
>             rather surprised that on both, ‘getent passwd’ and ‘getent
>             group’ return only entries from local files but then again,
>             I’ve never used sssd before.
> 
>              
> 
>         REJECT     all  --  0.0.0.0/0            0.0.0.0/0          
>         reject-with icmp-host-prohibited
> 
> 
>     Then we need SSSD logs with the debug_level in the right sections as
>     Jakub mentioned in his mail.
>     ----
> 
>     Sorry – I had a long meeting and should have noted that after
>     restarting SSSD, it all started working again as expected. Clearly
>     something I have to watch for and indeed, I moved the debug to the
>     domain section for future.
> 
>     I should add – came to the realization that restarting sssd and went to 
> long meeting, then came back and couldn’t log into ipa console or Kerberos 
> and had to restart IPA service to restart Kerberos.
> 
>      
> 
>     IPA is logging nothing.
> 
>      
> 
>     This is not the first time I have had to go through this cycle – it seems 
> that somehow, the IPA server is sensitive to the SSSD daemon and if the SSSD 
> goes haywire, when I restart SSSD, IPA is not functioning and must be 
> restarted too.
> 
>      
> 
>     Thanks
> 
>      
> 
>     Craig
> 
> 
> Is this on the same server?
> ----
> 
> Yes, same server… the one I call the master. The first one I set up. I’m
> getting tuned in to the checking the status of dirsrv and ipa but now I
> know to check the status of the sssd too.
> 
>  
> 
> Seems like it crashes a little too easily – I doubt I did much to harm it… I 
> am fairly experienced with OpenLDAP and in fact used 389-server back when it 
> was called FedoraDS. 
> 
>  
> 
> But it is running now, and seemingly will stay running for some time and I am 
> upping the logging and watching for a crash like Richard said to provide some 
> debug logs if possible. Sort of wish I could have just started with RHEL 7 
> and the updated IPA.

Ok, and to be clear if it crashes again Rich needs to get a stacktrace.
Logs won't be enough.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to