On Thu, Apr 14, 2016 at 09:53:23PM -0400, Jeff Hallyburton wrote: > We're seeing the following issue with our jump servers in a client > environment: > > One (sometimes both) jump servers will fall back to local logins at regular > intervals. This seems to happen for a brief period every 10 - 15 minutes. > Once IPA access is restored the only indication of a problem in the logs is: > > Apr 14 18:09:25 jump01 [sssd[krb5_child]]: Generic error (see > e-text) > Apr 14 18:09:25 jump01 [sssd[krb5_child]]: Generic error (see > e-text) > > (Fri Apr 8 01:06:25 2016) [sssd[be[example.com]]] [krb5_auth_store_creds] > (0x0010): unsupported PAM command . > (Fri Apr 8 01:06:25 2016) [sssd[be[example.com]]] [krb5_auth_store_creds] > (0x0010): password not available, offline auth may not work.
at least the messages from krb5_auth_store_creds() are unrelated. I will write a patch to silence this messages. I would expect that SSSD switches to offline mode for some reason. If you run SSSD with debug_level 8 or higher in the [domain/...] section you should see messages like 'Going offline!' which indicate the switching into the offline mode. The log lines before should help to identify the reason. HTH bye, Sumit > > > This doesn't shed much light on what's going on. Do you have any > suggestions for troubleshooting? > > Jeff Hallyburton > Strategic Systems Engineer > Bloomip Inc. > Web: http://www.bloomip.com > > Engineering Support: supp...@bloomip.com > Billing Support: bill...@bloomip.com > Customer Support Portal: https://my.bloomip.com <http://my.bloomip.com/> > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project