Re: [Freeipa-users] SSSD startup failures on ipa clients
Not sure why 'yum check' didn't report anything - I'll run it by release engineering and see if they have anything to share. Thank you! -m On 07/28/2014 09:19 AM, Jakub Hrozek wrote: On Mon, Jul 28, 2014 at 09:02:17AM -0400, Mark Heslin wrote: Hi Jakub, (Top posting to save scrolling). Success. It looks like the c-ares package was not installed during ipa-client install: # rpm -qV c-ares package c-ares is not installed # yum reinstall c-ares ... Package(s) c-ares available, but not installed. Error: Nothing to do # yum clean all ... # yum install c-ares ... Installed: c-ares.x86_64 0:1.7.0-6.el6 Complete! # service sssd restart Stopping sssd: cat: /var/run/sssd.pid: No such file or directory [FAILED] Starting sssd: [ OK ] # Now the ssh keys are working :-) So one last question. Would we normally track this down this way for a customer or simply I think just installing the package should be fine. I wonder why didn't yum check report the broken c-ares dependency? have them uninstall and re-install the ipa client? Is there any disadvantage to that? no, that should be fine as well, except for losing some local modifications and maybe getting a keytab with a higher kvno. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] SSSD startup failures on ipa clients
On Mon, Jul 28, 2014 at 09:02:17AM -0400, Mark Heslin wrote: > Hi Jakub, > > (Top posting to save scrolling). > > Success. It looks like the c-ares package was not installed during > ipa-client install: > ># rpm -qV c-ares >package c-ares is not installed ># yum reinstall c-ares >... >Package(s) c-ares available, but not installed. >Error: Nothing to do ># yum clean all >... ># yum install c-ares >... >Installed: >c-ares.x86_64 0:1.7.0-6.el6 > >Complete! > ># service sssd restart >Stopping sssd: cat: /var/run/sssd.pid: No such file or directory > [FAILED] >Starting sssd: [ OK ] ># > > Now the ssh keys are working :-) > > So one last question. Would we normally track this down this way for a > customer or simply I think just installing the package should be fine. I wonder why didn't yum check report the broken c-ares dependency? > have them uninstall and re-install the ipa client? Is there any disadvantage > to that? no, that should be fine as well, except for losing some local modifications and maybe getting a keytab with a higher kvno. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] SSSD startup failures on ipa clients
Hi Jakub, (Top posting to save scrolling). Success. It looks like the c-ares package was not installed during ipa-client install: # rpm -qV c-ares package c-ares is not installed # yum reinstall c-ares ... Package(s) c-ares available, but not installed. Error: Nothing to do # yum clean all ... # yum install c-ares ... Installed: c-ares.x86_64 0:1.7.0-6.el6 Complete! # service sssd restart Stopping sssd: cat: /var/run/sssd.pid: No such file or directory[FAILED] Starting sssd: [ OK ] # Now the ssh keys are working :-) So one last question. Would we normally track this down this way for a customer or simply have them uninstall and re-install the ipa client? Is there any disadvantage to that? Thank you! -m On 07/28/2014 08:38 AM, Jakub Hrozek wrote: On Mon, Jul 28, 2014 at 08:28:01AM -0400, Mark Heslin wrote: On 07/28/2014 07:33 AM, Jakub Hrozek wrote: On Mon, Jul 28, 2014 at 07:28:22AM -0400, Mark Heslin wrote: Hi Jakub, I've added the output of 'sssd -i -d4' below: On 07/28/2014 03:39 AM, Jakub Hrozek wrote: On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin wrote: Folks, I just stumbled on an odd issue. I have an OpenShift deployment with 2 brokers, 2 nodes, 1 rhc client all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 IPA admin (tools) client all running RHEL 7.0. All OpenShift hosts, client and IPA client are members of IPA domain 'interop.example.com'. After creating ssh public keys on the IPA admin client for user 'ose-admin1' and uploading them into IPA, I am able to ssh with the key to all IPA domain hosts as user 'ose-admin1' except the 2 node hosts. In looking closer at the 2 node hosts I noticed that SSSD keeps failing on start: # service sssd restart Stopping sssd: cat: /var/run/sssd.pid: No such file or directory [FAILED] Starting sssd: [FAILED] Starting with debug mode shows: [root@node1/2 ~]# sssd -d9 (Sun Jul 27 22:12:29:527689 2014) [sssd] [check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory]. (Sun Jul 27 22:12:29:529293 2014) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse! (Sun Jul 27 22:12:29:529596 2014) [sssd] [confdb_get_domain_internal] (0x0400): No enumeration for [interop.example.com]! (Sun Jul 27 22:12:29:529646 2014) [sssd] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 (Sun Jul 27 22:12:29:529686 2014) [sssd] [server_setup] (0x0040): Becoming a daemon. At this point sssd became a deamon and detached from the terminal, so no more debug info was printed. Can you run sssd again, adding "-i" (interactive) this time? [root@node2 ~]# sssd -i -d4 (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between service pings for [interop.example.com]: [10] (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [interop.example.com]: [60] (Mon Jul 28 07:25:20 2014) [sssd] [start_service] (0x0100): Queueing service interop.example.com for startup /usr/libexec/sssd/sssd_be: error while loading shared libraries: libcares.so.2: cannot open shared object file: No such file or directory ^^^ Here goes the error. Can you check if c-ares is installed and has the expected version? Yum check would be a good start, I think. Here's what I found: # ll /usr/libexec/sssd/sssd_be -rwxr-xr-x. 1 root root 577480 Dec 19 2013 /usr/libexec/sssd/sssd_be # yum check Loaded plugins: priorities, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. check all # Seems to be clean. Thoughts? -m rpm -q c-ares rpm -qV c-ares yum reinstall c-ares make sure c-ares is the right architecture, same as the sssd deamon, libraries can be multilib. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] SSSD startup failures on ipa clients
On Mon, Jul 28, 2014 at 08:28:01AM -0400, Mark Heslin wrote: > # ll /usr/libexec/sssd/sssd_be > -rwxr-xr-x. 1 root root 577480 Dec 19 2013 /usr/libexec/sssd/sssd_be btw this might be more useful: $ ldd /usr/libexec/sssd/sssd_be | grep cares libcares.so.2 => /lib64/libcares.so.2 (0x7ff4e0f7b000) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] SSSD startup failures on ipa clients
On Mon, Jul 28, 2014 at 08:28:01AM -0400, Mark Heslin wrote: > On 07/28/2014 07:33 AM, Jakub Hrozek wrote: > >On Mon, Jul 28, 2014 at 07:28:22AM -0400, Mark Heslin wrote: > >>Hi Jakub, > >> > >>I've added the output of 'sssd -i -d4' below: > >> > >>On 07/28/2014 03:39 AM, Jakub Hrozek wrote: > >>>On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin wrote: > Folks, > > I just stumbled on an odd issue. I have an OpenShift deployment with 2 > brokers, 2 nodes, 1 rhc client > all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 > IPA > admin (tools) client all running RHEL 7.0. > All OpenShift hosts, client and IPA client are members of IPA domain > 'interop.example.com'. > > After creating ssh public keys on the IPA admin client for user > 'ose-admin1' > and uploading them into IPA, > I am able to ssh with the key to all IPA domain hosts as user 'ose-admin1' > except the 2 node hosts. > In looking closer at the 2 node hosts I noticed that SSSD keeps failing on > start: > > # service sssd restart > Stopping sssd: cat: /var/run/sssd.pid: No such file or directory > [FAILED] > Starting sssd: [FAILED] > > Starting with debug mode shows: > > [root@node1/2 ~]# sssd -d9 > (Sun Jul 27 22:12:29:527689 2014) [sssd] [check_file] (0x0400): lstat > for > [/var/run/nscd/socket] failed: [2][No such file or directory]. > (Sun Jul 27 22:12:29:529293 2014) [sssd] [ldb] (0x0400): > server_sort:Unable to register control with rootdse! > (Sun Jul 27 22:12:29:529596 2014) [sssd] [confdb_get_domain_internal] > (0x0400): No enumeration for [interop.example.com]! > (Sun Jul 27 22:12:29:529646 2014) [sssd] [confdb_get_domain_internal] > (0x1000): pwd_expiration_warning is -1 > (Sun Jul 27 22:12:29:529686 2014) [sssd] [server_setup] (0x0040): > Becoming > a daemon. > >>>At this point sssd became a deamon and detached from the terminal, so no > >>>more debug info was printed. Can you run sssd again, adding "-i" > >>>(interactive) this time? > >>[root@node2 ~]# sssd -i -d4 > >>(Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between > >>service pings for [interop.example.com]: [10] > >>(Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between > >>SIGTERM and SIGKILL for [interop.example.com]: [60] > >>(Mon Jul 28 07:25:20 2014) [sssd] [start_service] (0x0100): Queueing service > >>interop.example.com for startup > >>/usr/libexec/sssd/sssd_be: error while loading shared libraries: > >>libcares.so.2: cannot open shared object file: No such file or directory > >^^^ Here goes the error. Can you check if c-ares is installed and has > >the expected version? Yum check would be a good start, I think. > Here's what I found: > > # ll /usr/libexec/sssd/sssd_be > -rwxr-xr-x. 1 root root 577480 Dec 19 2013 /usr/libexec/sssd/sssd_be > > # yum check > Loaded plugins: priorities, security, subscription-manager > This system is receiving updates from Red Hat Subscription Management. > check all > > # > > Seems to be clean. Thoughts? > > -m > rpm -q c-ares rpm -qV c-ares yum reinstall c-ares make sure c-ares is the right architecture, same as the sssd deamon, libraries can be multilib. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] SSSD startup failures on ipa clients
On 07/28/2014 07:33 AM, Jakub Hrozek wrote: On Mon, Jul 28, 2014 at 07:28:22AM -0400, Mark Heslin wrote: Hi Jakub, I've added the output of 'sssd -i -d4' below: On 07/28/2014 03:39 AM, Jakub Hrozek wrote: On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin wrote: Folks, I just stumbled on an odd issue. I have an OpenShift deployment with 2 brokers, 2 nodes, 1 rhc client all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 IPA admin (tools) client all running RHEL 7.0. All OpenShift hosts, client and IPA client are members of IPA domain 'interop.example.com'. After creating ssh public keys on the IPA admin client for user 'ose-admin1' and uploading them into IPA, I am able to ssh with the key to all IPA domain hosts as user 'ose-admin1' except the 2 node hosts. In looking closer at the 2 node hosts I noticed that SSSD keeps failing on start: # service sssd restart Stopping sssd: cat: /var/run/sssd.pid: No such file or directory [FAILED] Starting sssd: [FAILED] Starting with debug mode shows: [root@node1/2 ~]# sssd -d9 (Sun Jul 27 22:12:29:527689 2014) [sssd] [check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory]. (Sun Jul 27 22:12:29:529293 2014) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse! (Sun Jul 27 22:12:29:529596 2014) [sssd] [confdb_get_domain_internal] (0x0400): No enumeration for [interop.example.com]! (Sun Jul 27 22:12:29:529646 2014) [sssd] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 (Sun Jul 27 22:12:29:529686 2014) [sssd] [server_setup] (0x0040): Becoming a daemon. At this point sssd became a deamon and detached from the terminal, so no more debug info was printed. Can you run sssd again, adding "-i" (interactive) this time? [root@node2 ~]# sssd -i -d4 (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between service pings for [interop.example.com]: [10] (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [interop.example.com]: [60] (Mon Jul 28 07:25:20 2014) [sssd] [start_service] (0x0100): Queueing service interop.example.com for startup /usr/libexec/sssd/sssd_be: error while loading shared libraries: libcares.so.2: cannot open shared object file: No such file or directory ^^^ Here goes the error. Can you check if c-ares is installed and has the expected version? Yum check would be a good start, I think. Here's what I found: # ll /usr/libexec/sssd/sssd_be -rwxr-xr-x. 1 root root 577480 Dec 19 2013 /usr/libexec/sssd/sssd_be # yum check Loaded plugins: priorities, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. check all # Seems to be clean. Thoughts? -m -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] SSSD startup failures on ipa clients
On Mon, Jul 28, 2014 at 07:28:22AM -0400, Mark Heslin wrote: > Hi Jakub, > > I've added the output of 'sssd -i -d4' below: > > On 07/28/2014 03:39 AM, Jakub Hrozek wrote: > >On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin wrote: > >>Folks, > >> > >>I just stumbled on an odd issue. I have an OpenShift deployment with 2 > >>brokers, 2 nodes, 1 rhc client > >>all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 IPA > >>admin (tools) client all running RHEL 7.0. > >>All OpenShift hosts, client and IPA client are members of IPA domain > >>'interop.example.com'. > >> > >>After creating ssh public keys on the IPA admin client for user 'ose-admin1' > >>and uploading them into IPA, > >>I am able to ssh with the key to all IPA domain hosts as user 'ose-admin1' > >>except the 2 node hosts. > >>In looking closer at the 2 node hosts I noticed that SSSD keeps failing on > >>start: > >> > >># service sssd restart > >>Stopping sssd: cat: /var/run/sssd.pid: No such file or directory > >>[FAILED] > >>Starting sssd: [FAILED] > >> > >>Starting with debug mode shows: > >> > >> [root@node1/2 ~]# sssd -d9 > >> (Sun Jul 27 22:12:29:527689 2014) [sssd] [check_file] (0x0400): lstat for > >>[/var/run/nscd/socket] failed: [2][No such file or directory]. > >> (Sun Jul 27 22:12:29:529293 2014) [sssd] [ldb] (0x0400): > >>server_sort:Unable to register control with rootdse! > >> (Sun Jul 27 22:12:29:529596 2014) [sssd] [confdb_get_domain_internal] > >>(0x0400): No enumeration for [interop.example.com]! > >> (Sun Jul 27 22:12:29:529646 2014) [sssd] [confdb_get_domain_internal] > >>(0x1000): pwd_expiration_warning is -1 > >> (Sun Jul 27 22:12:29:529686 2014) [sssd] [server_setup] (0x0040): > >> Becoming > >>a daemon. > >At this point sssd became a deamon and detached from the terminal, so no > >more debug info was printed. Can you run sssd again, adding "-i" > >(interactive) this time? > > [root@node2 ~]# sssd -i -d4 > (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between > service pings for [interop.example.com]: [10] > (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between > SIGTERM and SIGKILL for [interop.example.com]: [60] > (Mon Jul 28 07:25:20 2014) [sssd] [start_service] (0x0100): Queueing service > interop.example.com for startup > /usr/libexec/sssd/sssd_be: error while loading shared libraries: > libcares.so.2: cannot open shared object file: No such file or directory ^^^ Here goes the error. Can you check if c-ares is installed and has the expected version? Yum check would be a good start, I think. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] SSSD startup failures on ipa clients
Hi Jakub, I've added the output of 'sssd -i -d4' below: On 07/28/2014 03:39 AM, Jakub Hrozek wrote: On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin wrote: Folks, I just stumbled on an odd issue. I have an OpenShift deployment with 2 brokers, 2 nodes, 1 rhc client all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 IPA admin (tools) client all running RHEL 7.0. All OpenShift hosts, client and IPA client are members of IPA domain 'interop.example.com'. After creating ssh public keys on the IPA admin client for user 'ose-admin1' and uploading them into IPA, I am able to ssh with the key to all IPA domain hosts as user 'ose-admin1' except the 2 node hosts. In looking closer at the 2 node hosts I noticed that SSSD keeps failing on start: # service sssd restart Stopping sssd: cat: /var/run/sssd.pid: No such file or directory [FAILED] Starting sssd: [FAILED] Starting with debug mode shows: [root@node1/2 ~]# sssd -d9 (Sun Jul 27 22:12:29:527689 2014) [sssd] [check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory]. (Sun Jul 27 22:12:29:529293 2014) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse! (Sun Jul 27 22:12:29:529596 2014) [sssd] [confdb_get_domain_internal] (0x0400): No enumeration for [interop.example.com]! (Sun Jul 27 22:12:29:529646 2014) [sssd] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 (Sun Jul 27 22:12:29:529686 2014) [sssd] [server_setup] (0x0040): Becoming a daemon. At this point sssd became a deamon and detached from the terminal, so no more debug info was printed. Can you run sssd again, adding "-i" (interactive) this time? [root@node2 ~]# sssd -i -d4 (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between service pings for [interop.example.com]: [10] (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [interop.example.com]: [60] (Mon Jul 28 07:25:20 2014) [sssd] [start_service] (0x0100): Queueing service interop.example.com for startup /usr/libexec/sssd/sssd_be: error while loading shared libraries: libcares.so.2: cannot open shared object file: No such file or directory (Mon Jul 28 07:25:20 2014) [sssd] [mt_svc_exit_handler] (0x0040): Child [interop.example.com] exited with code [127] (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between service pings for [interop.example.com]: [10] (Mon Jul 28 07:25:20 2014) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [interop.example.com]: [60] (Mon Jul 28 07:25:20 2014) [sssd] [start_service] (0x0100): Queueing service interop.example.com for startup /usr/libexec/sssd/sssd_be: error while loading shared libraries: libcares.so.2: cannot open shared object file: No such file or directory (Mon Jul 28 07:25:20 2014) [sssd] [mt_svc_exit_handler] (0x0040): Child [interop.example.com] exited with code [127] (Mon Jul 28 07:25:22 2014) [sssd] [get_ping_config] (0x0100): Time between service pings for [interop.example.com]: [10] (Mon Jul 28 07:25:22 2014) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [interop.example.com]: [60] (Mon Jul 28 07:25:22 2014) [sssd] [start_service] (0x0100): Queueing service interop.example.com for startup /usr/libexec/sssd/sssd_be: error while loading shared libraries: libcares.so.2: cannot open shared object file: No such file or directory (Mon Jul 28 07:25:22 2014) [sssd] [mt_svc_exit_handler] (0x0040): Child [interop.example.com] exited with code [127] (Mon Jul 28 07:25:25 2014) [sssd] [services_startup_timeout] (0x0020): Providers did not start in time, forcing services startup! (Mon Jul 28 07:25:25 2014) [sssd] [services_startup_timeout] (0x0100): Now starting services! (Mon Jul 28 07:25:25 2014) [sssd] [get_ping_config] (0x0100): Time between service pings for [nss]: [10] (Mon Jul 28 07:25:25 2014) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [nss]: [60] (Mon Jul 28 07:25:25 2014) [sssd] [start_service] (0x0100): Queueing service nss for startup (Mon Jul 28 07:25:25 2014) [sssd] [get_ping_config] (0x0100): Time between service pings for [pam]: [10] (Mon Jul 28 07:25:25 2014) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [pam]: [60] (Mon Jul 28 07:25:25 2014) [sssd] [start_service] (0x0100): Queueing service pam for startup (Mon Jul 28 07:25:25 2014) [sssd] [get_ping_config] (0x0100): Time between service pings for [ssh]: [10] (Mon Jul 28 07:25:25 2014) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [ssh]: [60] (Mon Jul 28 07:25:25 2014) [sssd] [start_service] (0x0100): Queueing service ssh for startup (Mon Jul 28 07:25:25 2014) [sssd] [get_ping_config] (0x0100): Time between service pings for [pac]: [10] (Mon Jul 28 07:25:25 2014) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [pac]: [60] (Mon Jul 28 07:25:25 2014) [sssd]
Re: [Freeipa-users] SSSD startup failures on ipa clients
On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin wrote: > Folks, > > I just stumbled on an odd issue. I have an OpenShift deployment with 2 > brokers, 2 nodes, 1 rhc client > all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 IPA > admin (tools) client all running RHEL 7.0. > All OpenShift hosts, client and IPA client are members of IPA domain > 'interop.example.com'. > > After creating ssh public keys on the IPA admin client for user 'ose-admin1' > and uploading them into IPA, > I am able to ssh with the key to all IPA domain hosts as user 'ose-admin1' > except the 2 node hosts. > In looking closer at the 2 node hosts I noticed that SSSD keeps failing on > start: > > # service sssd restart > Stopping sssd: cat: /var/run/sssd.pid: No such file or directory > [FAILED] > Starting sssd: [FAILED] > > Starting with debug mode shows: > > [root@node1/2 ~]# sssd -d9 > (Sun Jul 27 22:12:29:527689 2014) [sssd] [check_file] (0x0400): lstat for > [/var/run/nscd/socket] failed: [2][No such file or directory]. > (Sun Jul 27 22:12:29:529293 2014) [sssd] [ldb] (0x0400): > server_sort:Unable to register control with rootdse! > (Sun Jul 27 22:12:29:529596 2014) [sssd] [confdb_get_domain_internal] > (0x0400): No enumeration for [interop.example.com]! > (Sun Jul 27 22:12:29:529646 2014) [sssd] [confdb_get_domain_internal] > (0x1000): pwd_expiration_warning is -1 > (Sun Jul 27 22:12:29:529686 2014) [sssd] [server_setup] (0x0040): Becoming > a daemon. At this point sssd became a deamon and detached from the terminal, so no more debug info was printed. Can you run sssd again, adding "-i" (interactive) this time? > > The logs show show nothing useful but this problem started during the > ipa-client-install - the log shows: > > 2014-07-23T18:40:22Z DEBUG args=/usr/sbin/authconfig --enablesssdauth > --enablemkhomedir --update --enablesssd > 2014-07-23T18:40:22Z DEBUG stdout=Starting oddjobd:[ OK ] > 2014-07-23T18:40:22Z DEBUG stderr= > 2014-07-23T18:40:22Z INFO SSSD enabled > 2014-07-23T18:40:29Z DEBUG args=/sbin/service sssd restart > 2014-07-23T18:40:29Z DEBUG stdout=Stopping sssd: [FAILED] > Starting sssd:[FAILED] > > 2014-07-23T18:40:29Z DEBUG stderr=cat: /var/run/sssd.pid: No such file or > directory > > 2014-07-23T18:40:29Z WARNING SSSD service restart was unsuccessful. > 2014-07-23T18:40:29Z DEBUG args=/sbin/chkconfig sssd on > 2014-07-23T18:40:29Z DEBUG stdout= > > Any ideas? Have we seen this before? I suppose I could uninstall the ipa > client and re-install but I didn't want > to touch anything until I hear back. > > Thanks! > > -m > > btw - All systems have been updated as of this evening. Kerberos works fine > but anything requiring > lookups is toast. > > > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] SSSD startup failures on ipa clients
Folks, I just stumbled on an odd issue. I have an OpenShift deployment with 2 brokers, 2 nodes, 1 rhc client all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 IPA admin (tools) client all running RHEL 7.0. All OpenShift hosts, client and IPA client are members of IPA domain 'interop.example.com'. After creating ssh public keys on the IPA admin client for user 'ose-admin1' and uploading them into IPA, I am able to ssh with the key to all IPA domain hosts as user 'ose-admin1' except the 2 node hosts. In looking closer at the 2 node hosts I noticed that SSSD keeps failing on start: # service sssd restart Stopping sssd: cat: /var/run/sssd.pid: No such file or directory[FAILED] Starting sssd: [FAILED] Starting with debug mode shows: [root@node1/2 ~]# sssd -d9 (Sun Jul 27 22:12:29:527689 2014) [sssd] [check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory]. (Sun Jul 27 22:12:29:529293 2014) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse! (Sun Jul 27 22:12:29:529596 2014) [sssd] [confdb_get_domain_internal] (0x0400): No enumeration for [interop.example.com]! (Sun Jul 27 22:12:29:529646 2014) [sssd] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 (Sun Jul 27 22:12:29:529686 2014) [sssd] [server_setup] (0x0040): Becoming a daemon. The logs show show nothing useful but this problem started during the ipa-client-install - the log shows: 2014-07-23T18:40:22Z DEBUG args=/usr/sbin/authconfig --enablesssdauth --enablemkhomedir --update --enablesssd 2014-07-23T18:40:22Z DEBUG stdout=Starting oddjobd:[ OK ] 2014-07-23T18:40:22Z DEBUG stderr= 2014-07-23T18:40:22Z INFO SSSD enabled 2014-07-23T18:40:29Z DEBUG args=/sbin/service sssd restart 2014-07-23T18:40:29Z DEBUG stdout=Stopping sssd: [FAILED] Starting sssd:[FAILED] 2014-07-23T18:40:29Z DEBUG stderr=cat: /var/run/sssd.pid: No such file or directory 2014-07-23T18:40:29Z WARNING SSSD service restart was unsuccessful. 2014-07-23T18:40:29Z DEBUG args=/sbin/chkconfig sssd on 2014-07-23T18:40:29Z DEBUG stdout= Any ideas? Have we seen this before? I suppose I could uninstall the ipa client and re-install but I didn't want to touch anything until I hear back. Thanks! -m btw - All systems have been updated as of this evening. Kerberos works fine but anything requiring lookups is toast. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project