On Thu, Apr 14, 2016 at 09:53:23PM -0400, Jeff Hallyburton wrote:
> We're seeing the following issue with our jump servers in a client
> environment:
> 
> One (sometimes both) jump servers will fall back to local logins at regular
> intervals.  This seems to happen for a brief period every 10 - 15 minutes.
> Once IPA access is restored the only indication of a problem in the logs is:
> 
> Apr 14 18:09:25 jump01 [sssd[krb5_child[24814]]]: Generic error (see
> e-text)
> Apr 14 18:09:25 jump01 [sssd[krb5_child[24814]]]: Generic error (see
> e-text)
> 
> (Fri Apr  8 01:06:25 2016) [sssd[be[example.com]]] [krb5_auth_store_creds]
> (0x0010): unsupported PAM command [249].
> (Fri Apr  8 01:06:25 2016) [sssd[be[example.com]]] [krb5_auth_store_creds]
> (0x0010): password not available, offline auth may not work.

at least the messages from krb5_auth_store_creds() are unrelated. I will
write a patch to silence this messages.

I would expect that SSSD switches to offline mode for some reason. If
you run SSSD with debug_level 8 or higher in the [domain/...] section
you should see messages like 'Going offline!' which indicate the
switching into the offline mode. The log lines before should help to
identify the reason.

HTH

bye,
Sumit

> 
> 
> This doesn't shed much light on what's going on.  Do you have any
> suggestions for troubleshooting?
> 
> Jeff Hallyburton
> Strategic Systems Engineer
> Bloomip Inc.
> Web: http://www.bloomip.com
> 
> Engineering Support: supp...@bloomip.com
> Billing Support: bill...@bloomip.com
> Customer Support Portal:  https://my.bloomip.com <http://my.bloomip.com/>

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to