> On 16 Jan 2016, at 02:21, Jeff Hallyburton <jeff.hallybur...@bloomip.com> 
> wrote:
> 
> Having finished setting up an ipa server and replica, we're trying to test 
> failover to ensure that HA works as expected.  We've been able to verify the 
> replication agreements and auto-discovery are working, and both servers are 
> picked up as expected at install time.
> 
> That said, we're seeing some oddities with failover.  Once I shut down the 
> ipa service on the main ipa server, I get most requests completing after 
> about a 2 min window.  I am able to:
> 
> 1.  Authenticate to our jump server and get a kerberos ticket
> 2.  kinit successfully as other users
> 
> However, whenever I try to ssh to another system within our domain, ssh 
> breaks with the following error:
> 
> $ ssh -vvv automation01
> OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 5: Applying options for *
> debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 
> automation01
> debug1: permanently_drop_suid: 1587000001
> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1
> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1
> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1
> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1
> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1
> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1
> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1
> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.6.1
> ssh_exchange_identification: Connection closed by remote host
> 

Did you crank up debug level on the machine where sshd is running and see if 
anything is logged then?

> 
> Nothing is logged in either /var/log/messages or /var/log/secure when this 
> happens, so I'm unsure where to begin debugging.  Can you offer any insight?
> 
> Thanks,
> 
> Jeff
> 
> Jeff Hallyburton
> Strategic Systems Engineer
> Bloomip Inc.
> Web: http://www.bloomip.com
> 
> Engineering Support: supp...@bloomip.com
> Billing Support: bill...@bloomip.com
> Customer Support Portal:  https://my.bloomip.com
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to