On Wed, Mar 22, 2017 at 05:30:34PM +0100, Michaël Van de Borne wrote:
> Hi all,
> 
> So I have 2 Centos7 hosts, with same sssd and nsswitch configs.
> One does find the users in IPA, and the other doesn't.
> Looks like the Data Provider is offline.
> I sent the SIGUSR2 signal to sssd which is supposed to bring him online.
> Didn't help.
> The hosts can resolve the IPA server hostname. SElinux is enforced. Iptables
> is disabled.
> 
> here's my sssd.conf
> 
> [domain/vgt.vito.be]
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = vgt.vito.be
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = epoddev8.vgt.vito.be
> chpass_provider = ipa
> ipa_server = _srv_, epoddev5.vgt.vito.be
> ldap_tls_cacert = /etc/ipa/ca.crt
> debug_level = 7
> [sssd]
> services = nss, sudo, pam, ssh
> domains = vgt.vito.be
> [nss]
> homedir_substring = /home
> debug_level = 7
> [pam]
> [sudo]
> [autofs]
> [ssh]
> [pac]
> [ifp]
> 
> 
> here's the log of sssd_nss.log
> 
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client
> connected!
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
> command [17][SSS_NSS_GETPWNAM] with input [vdbornem].
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): name 'vdbornem' matched without domain, user is vdbornem
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [vdbornem] from [<ALL>]
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [vdbor...@vgt.vito.be]
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a
> LOCAL view, continuing with provided values.
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400):
> Issuing request for [0x7f7ffd1d1880:1:vdbor...@vgt.vito.be@vgt.vito.be]
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400):
> Creating request for
> [vgt.vito.be][0x1][BE_REQ_USER][1][name=vdbor...@vgt.vito.be:-]
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400):
> Entering request [0x7f7ffd1d1880:1:vdbor...@vgt.vito.be@vgt.vito.be]
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data
> Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040):
> Unable to get information from Data Provider
> Error: 3, 5, Failed to get reply from Data Provider
> Will try to return what we have in cache
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
> Deleting request: [0x7f7ffd1d1880:1:vdbor...@vgt.vito.be@vgt.vito.be]
> (Wed Mar 22 16:27:22 2017) [sssd[nss]] [client_recv] (0x0200): Client
> disconnected!

Restart sssd, which starts from a clean slate, then look for the first
occurence of "Going offline" or "Not working" in the logs, then check
which operation triggered that..

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to