So Trellix did not accept this as a bug in their healthcheck script. We
put in a RFE with tem to do this healthcheck invocation using setpriv or
su -c. Which doesn't trigger the LDAP queries.
Now we have an open case with RH Tech Support on this. Basically, when
sudo is invoked as root and we
On 10/6/23, 11:52, "Sam Morris" wrote:
__
On 04/10/2023 17:02, Spike White wrote:
> We see in other places in this McAfee script that they run this command
> using 'su' instead of 'sudo'.
>
> su -s /bin/sh -c
On 04/10/2023 17:02, Spike White wrote:
We see in other places in this McAfee script that they run this command
using 'su' instead of 'sudo'.
su -s /bin/sh -c "LD_LIBRARY_PATH=... ${PROGROOT}/bin/macmnsvc
status" mfe
Running this command via 'su' instead of 'sudo' would not trigger
This gave us enough insight to track down the culprit.
BTW, it seems that RHEL7 sssd_amer.corp.com.log does not give sufficient
detail to tell us it's sssd.nss service. But RHEL8 or RHEL9 version of
sssd gives us this detail.
So we find consistently, it's sudo. Example:
(2023-10-04 9:00:01):
On Wed, Oct 4, 2023 at 11:40 AM Alexey Tikhonov wrote:
>
>
> On Tue, Oct 3, 2023 at 11:22 PM Spike White
> wrote:
>
>> Alexey,
>>
>> Yes I see that now. That every time it starts a new LDAP connection, it
>> starts by querying rootDSE. So I have to look further in the logs.
>>
>> I think I
On Tue, Oct 3, 2023 at 11:22 PM Spike White wrote:
> Alexey,
>
> Yes I see that now. That every time it starts a new LDAP connection, it
> starts by querying rootDSE. So I have to look further in the logs.
>
> I think I have discerned a pattern. It appears that on each hour and
> half-hour,
Alexey,
Yes I see that now. That every time it starts a new LDAP connection, it
starts by querying rootDSE. So I have to look further in the logs.
I think I have discerned a pattern. It appears that on each hour and
half-hour, it's querying the members of the simple_allow_groups line. I
have
On Mon, Oct 2, 2023 at 7:01 PM Spike White wrote:
>
> So the idea to turn on debug_level = 9 on the client and view the logs was
> inspired. We turned on debug level 9 on 4 clients;
>
> 2 in the list (that we got from AD team of servers in that AMERAustin site
> hitting the non-AMER Austin AD
So the idea to turn on debug_level = 9 on the client and view the logs was
inspired. We turned on debug level 9 on 4 clients;
2 in the list (that we got from AD team of servers in that AMERAustin site
hitting the non-AMER Austin AD DCs).
2 not in their list. (1 in another AMER site).
Hi,
On Mon, Oct 2, 2023 at 6:20 AM Spike White wrote:
> All,
>
> Is there anything in sssd's RHEL and RHEL-like Linux server OS settings
> that perform LDAP binds or connections to AD every 30 minutes?
>
> What our AD team is seeing is all of the DCs in our biggest AMER AD site
> peak with LDAP
10 matches
Mail list logo
