Hi all,
So I have 2 Centos7 hosts, with same sssd and nsswitch configs.
One does find the users in IPA, and the other doesn't.
Looks like the Data Provider is offline.
I sent the SIGUSR2 signal to sssd which is supposed to bring him online.
Didn't help.
The hosts can resolve the IPA server hostname. SElinux is enforced.
Iptables is disabled.
here's my sssd.conf
[domain/vgt.vito.be]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = vgt.vito.be
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = epoddev8.vgt.vito.be
chpass_provider = ipa
ipa_server = _srv_, epoddev5.vgt.vito.be
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 7
[sssd]
services = nss, sudo, pam, ssh
domains = vgt.vito.be
[nss]
homedir_substring = /home
debug_level = 7
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
here's the log of sssd_nss.log
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
Client connected!
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
Running command [17][SSS_NSS_GETPWNAM] with input [vdbornem].
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'vdbornem' matched without domain, user is vdbornem
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [vdbornem] from [<ALL>]
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
(0x0100): Requesting info for [vdbor...@vgt.vito.be]
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400):
Not a LOCAL view, continuing with provided values.
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x7f7ffd1d1880:1:vdbor...@vgt.vito.be@vgt.vito.be]
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_get_account_msg]
(0x0400): Creating request for
[vgt.vito.be][0x1][BE_REQ_USER][1][name=vdbor...@vgt.vito.be:-]
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_internal_get_send]
(0x0400): Entering request
[0x7f7ffd1d1880:1:vdbor...@vgt.vito.be@vgt.vito.be]
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_get_reply] (0x0010): The
Data Provider returned an error
[org.freedesktop.sssd.Error.DataProvider.Offline]
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getby_dp_callback]
(0x0040): Unable to get information from Data Provider
Error: 3, 5, Failed to get reply from Data Provider
Will try to return what we have in cache
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0x7f7ffd1d1880:1:vdbor...@vgt.vito.be@vgt.vito.be]
(Wed Mar 22 16:27:22 2017) [sssd[nss]] [client_recv] (0x0200): Client
disconnected!
Any ideas appreciated.
Thank you,
Cheers,
m.
--
*Michaël Van de Borne*
Free Bird Computing SPRL - Gérant
104 rue d'Azebois, 6230 Thiméon
*Tel:* +32(0)472 695716
*Skype:* mikemowgli
*TVA:* BE0637.834.386
Linkedin profile
<https://www.linkedin.com/in/micha%C3%ABl-van-de-borne-56409167>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
