On 02/22/2016 03:51 PM, Jakub Hrozek wrote:
> 
> Is there anything else in the logs (/var/log/sssd/*)
> 

Only some events after sssd went away:

srvvm01:/var/log/sssd# cat sssd.log.1
(Sun Feb 21 18:02:21 2016) [sssd] [monitor_restart_service] (0x0010): Process 
[nss], definitely stopped!

srvvm01:/var/log/sssd# cat sssd_nss.log.1
(Sun Feb 21 18:02:15 2016) [sssd[nss]] [sss_dp_init] (0x0010): Failed to 
connect to monitor services.
(Sun Feb 21 18:02:15 2016) [sssd[nss]] [sss_process_init] (0x0010): fatal error 
setting up backend connector
(Sun Feb 21 18:02:15 2016) [sssd[nss]] [nss_process_init] (0x0010): 
sss_process_init() failed
(Sun Feb 21 18:02:17 2016) [sssd[nss]] [sss_dp_init] (0x0010): Failed to 
connect to monitor services.
(Sun Feb 21 18:02:17 2016) [sssd[nss]] [sss_process_init] (0x0010): fatal error 
setting up backend connector
(Sun Feb 21 18:02:17 2016) [sssd[nss]] [nss_process_init] (0x0010): 
sss_process_init() failed
(Sun Feb 21 18:02:21 2016) [sssd[nss]] [sss_dp_init] (0x0010): Failed to 
connect to monitor services.
(Sun Feb 21 18:02:21 2016) [sssd[nss]] [sss_process_init] (0x0010): fatal error 
setting up backend connector
(Sun Feb 21 18:02:21 2016) [sssd[nss]] [nss_process_init] (0x0010): 
sss_process_init() failed

srvvm01:/var/log/sssd# cat sssd_pac.log.1
(Sun Feb 21 18:02:31 2016) [sssd[pac]] [pac_dp_reconnect_init] (0x0010): Could 
not reconnect to example.com provider.

> Do you run with enumeration enabled?
> 

Nope. sssd.conf (as generated by ipa-client-install):

[domain/example.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = srvvm01.example.com
chpass_provider = ipa
ipa_server = _srv_, ipa2.example.com
dns_discovery_domain = example.com
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2

domains = example.com
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]


I have to mention that I missed to add ipa2.example.com to
the local /etc/hosts. This is fixed now. sssd.conf says now

:
ipa_server = _srv_, ipa2.example.com, ipa1.example.com
:

Would you recommend to enable enumeration?


Regards
Harri

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to