Re: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken?

2016-01-18 Thread Martin Kosek
Hi Jeff and Janelle, I am glad you got things working, but I am not convinced this is the best way to do it. The proxy is needed for SSSD SSH integration (public keys and fingerprints), if the proxy is buggy, we should fix. And in order to fix it, it would be great to get our hands on the logs

Re: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken?

2016-01-18 Thread Jakub Hrozek
On Mon, Jan 18, 2016 at 09:27:23AM +0100, Martin Kosek wrote: > Hi Jeff and Janelle, > > I am glad you got things working, but I am not convinced this is the best way > to do it. The proxy is needed for SSSD SSH integration (public keys and > fingerprints), if the proxy is buggy, we should fix.

Re: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken?

2016-01-18 Thread Alexander Bokovoy
On Fri, 15 Jan 2016, Jeff Hallyburton wrote: Having finished setting up an ipa server and replica, we're trying to test failover to ensure that HA works as expected. We've been able to verify the replication agreements and auto-discovery are working, and both servers are picked up as expected

Re: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken?

2016-01-18 Thread Jakub Hrozek
On Mon, Jan 18, 2016 at 10:54:42AM +0200, Alexander Bokovoy wrote: > I think we fixed this in newer SSSD versions already. Yes, but in master only, we haven't released the fix yet: https://fedorahosted.org/sssd/ticket/2785 -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken?

2016-01-17 Thread Jeff Hallyburton
Janelle, The proxy suggestion was spot on. After that things seem to work normally. Thanks! Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: supp...@bloomip.com Billing Support: bill...@bloomip.com Customer Support Portal:

Re: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken?

2016-01-17 Thread Janelle
Hi, Try commenting out the proxy command in /etc/ssh/ssh_config The sssd proxy of ssh is buggy as can be. ~J > On Jan 17, 2016, at 05:24, Jakub Hrozek wrote: > > >> On 16 Jan 2016, at 02:21, Jeff Hallyburton >> wrote: >> >> Having