Re: [Freeipa-users] weird behavior on centos 6

2014-05-23 Thread Carl E. Ma
Thanks for all your responses! Yes, the GSS proxy is not available on 
RHEL-6. For the time being, we can live with krb5_renewable_lifetime = 
365d.


For my own curiosity, what kind of debugging tips or recommendations 
included in BZ - https://bugzilla.redhat.com/show_bug.cgi?id=846109, 
which I can't access with regular Redhat Bugzilla account?


Thanks a lot,

carl


From: Rob Crittenden rcritten redhat com
To: dpal redhat com, freeipa-users redhat com
Subject: Re: [Freeipa-users] weird behavior on centos 6
Date: Thu, 15 May 2014 09:46:28 -0400

Dmitri Pal wrote:

On 05/14/2014 06:12 PM, Carl E. Ma wrote:

Hello,

Recently I realized our centos 6 freeipa clients hangs 
randomly. With
some research, the issue is related to autofs bug, which was 
mentioned

year ago - Automount fails for IPA user when kerberos ticket is
expired, ssh hangs (https://fedorahosted.org/freeipa/ticket/2980).
This ticket was closed with comment - closed defect: invalid.

My workaround is extending  ticket_lifetime to 24h and 
renew_lifetime
to 365d. I wonder whether there is better solution or some 
insights of

this bug.

Thanks,

carl


Read about GSS proxy.


I don't believe gss-proxy is available for RHEL-6 and backporting is 
unlikely.



The ticket is closed but the associated BZ is still open, 
https://bugzilla.redhat.com/show_bug.cgi?id=846109 and has some 
debugging tips and other recommendations.



rob




___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] weird behavior on centos 6

2014-05-23 Thread Rob Crittenden
Carl E. Ma wrote:
 Thanks for all your responses! Yes, the GSS proxy is not available on
 RHEL-6. For the time being, we can live with krb5_renewable_lifetime =
 365d.
 
 For my own curiosity, what kind of debugging tips or recommendations
 included in BZ - https://bugzilla.redhat.com/show_bug.cgi?id=846109,
 which I can't access with regular Redhat Bugzilla account?
 
 Thanks a lot,
 

Probably the easiest way to get more information about where
the problem is occurring is to get an autofs debug log during
the test procedure.

I see you already have LOGGING=debug in your autofs
configuration so all that needs to be done is ensure syslog
is sending deamon level log messages to the log. I usually
just add a line like:

*.daemon   /var/log/daemon

to the syslog configuration. I always touch /var/log/daemon
before restarting syslog as a matter of habit. I don't know if
rsyslog will create the log file if it doesn't already exist.

Basically, if we don't see a second mount request in the log
at all then the issue is occuring before the login process is
attempting to access the home directory. If we do see such a
request then we may be able to see where autofs blocks (if it
does block) such as when calling mount(8) (although more likley
mount.nfs(8)).

rob

 carl
 
 
 From: Rob Crittenden rcritten redhat com
 To: dpal redhat com, freeipa-users redhat com
 Subject: Re: [Freeipa-users] weird behavior on centos 6
 Date: Thu, 15 May 2014 09:46:28 -0400
 
 Dmitri Pal wrote:
 
 On 05/14/2014 06:12 PM, Carl E. Ma wrote:
 
 Hello,
 
 Recently I realized our centos 6 freeipa clients hangs randomly.
 With
 some research, the issue is related to autofs bug, which was
 mentioned
 year ago - Automount fails for IPA user when kerberos ticket is
 expired, ssh hangs (https://fedorahosted.org/freeipa/ticket/2980).
 This ticket was closed with comment - closed defect: invalid.
 
 My workaround is extending  ticket_lifetime to 24h and
 renew_lifetime
 to 365d. I wonder whether there is better solution or some
 insights of
 this bug.
 
 Thanks,
 
 carl
 
 
 Read about GSS proxy.
 
 
 I don't believe gss-proxy is available for RHEL-6 and backporting is
 unlikely.
 
 
 The ticket is closed but the associated BZ is still open,
 https://bugzilla.redhat.com/show_bug.cgi?id=846109 and has some
 debugging tips and other recommendations.
 
 
 rob
 
 
 
 

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] weird behavior on centos 6

2014-05-15 Thread Petr Spacek

On 15.5.2014 00:25, Dmitri Pal wrote:

On 05/14/2014 06:12 PM, Carl E. Ma wrote:

Hello,

Recently I realized our centos 6 freeipa clients hangs randomly. With some
research, the issue is related to autofs bug, which was mentioned year ago -
Automount fails for IPA user when kerberos ticket is expired, ssh hangs
(https://fedorahosted.org/freeipa/ticket/2980). This ticket was closed with
comment - closed defect: invalid.

My workaround is extending  ticket_lifetime to 24h and renew_lifetime to
365d. I wonder whether there is better solution or some insights of this bug.

Thanks,

carl


Read about GSS proxy.


Presentation  video is linked from project home page:
https://fedorahosted.org/gss-proxy/

--
Petr^2 Spacek

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] weird behavior on centos 6

2014-05-15 Thread Rob Crittenden

Dmitri Pal wrote:

On 05/14/2014 06:12 PM, Carl E. Ma wrote:

Hello,

Recently I realized our centos 6 freeipa clients hangs randomly. With
some research, the issue is related to autofs bug, which was mentioned
year ago - Automount fails for IPA user when kerberos ticket is
expired, ssh hangs (https://fedorahosted.org/freeipa/ticket/2980).
This ticket was closed with comment - closed defect: invalid.

My workaround is extending  ticket_lifetime to 24h and renew_lifetime
to 365d. I wonder whether there is better solution or some insights of
this bug.

Thanks,

carl


Read about GSS proxy.



I don't believe gss-proxy is available for RHEL-6 and backporting is 
unlikely.


The ticket is closed but the associated BZ is still open, 
https://bugzilla.redhat.com/show_bug.cgi?id=846109 and has some 
debugging tips and other recommendations.


rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users