On Wed, Apr 17, 2019 at 06:21:18PM +0000, Beale (US), Gareth wrote:
> We are seeing the following in our sssd_default.log which appears to coincide
> with some authentication failures. What would cause the hostname resolution
> to expire? Can we change the length of whatever timeout might be causing this?

The resolver internally caches the host name resolution for the duration of the TTL as provided by DNS; however, I'm not sure this is the issue. Did the bind that failed with "Can't contact LDAP server" also try to contact the server XXXXX?

>
> Sorry I have to obfuscate the hostnames per company policy. The host
> "XXXXX.boeing.com" is in the sssd.conf file under the [domain/default]
> section as:
>
> ldap_uri = ldaps://XXXXX.boeing.com
>
>
> (Wed Apr 17 06:30:20 2019) [sssd[be[default]]] [be_get_account_info]
> (0x0200): Got request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=5928]
> (Wed Apr 17 06:30:20 2019) [sssd[be[default]]] [acctinfo_callback] (0x0100):
> Request processed. Returned 0,0,Success
> (Wed Apr 17 06:31:22 2019) [sssd[be[default]]] [sdap_process_result]
> (0x0040): ldap_result error: [Can't contact LDAP server]
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_get_account_info]
> (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][1][name=nss8297]
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [fo_resolve_service_send]
> (0x0100): Trying to resolve service 'LDAP'
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [get_server_status] (0x0100):
> Hostname resolution expired, resetting the server status of 'XXXXX.boeing.com'
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status]
> (0x0100): Marking server 'XXXXX.boeing.com' as 'name not resolved'
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]]
> [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
> 'XXXXX.boeing.com' in files
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status]
> (0x0100): Marking server 'XXXXX.boeing.com' as 'resolving name'
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]]
> [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of
> 'XXXXX.boeing.com' in files
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_next]
> (0x0200): No more address families to retry
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]]
> [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
> 'XXXXX.boeing.com' in DNS
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status]
> (0x0100): Marking server 'XXXXX.boeing.com' as 'name resolved'
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_resolve_server_process]
> (0x0200): Found address for server XXXXX.boeing.com: [10.234.125.55] TTL 13
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]]
> [sdap_get_server_opts_from_rootdse] (0x0200): No known USN scheme is
> supported by this server!
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [sdap_cli_auth_step] (0x0100):
> expire timeout is 900
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [simple_bind_send] (0x0100):
> Executing simple bind as:
> cn=YYYYY.boeing.com.*,nisMapName=netGroup.byhost,ou=enterprise,ou=unix,ou=accounts,o=boeing,c=us
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [fo_set_port_status] (0x0100):
> Marking port 636 of server 'XXXXX.boeing.com' as 'working'
> (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status]
> (0x0100): Marking server 'XXXXX.boeing.com' as 'working'
>
>
> Gareth Beale (bemsid: 45600)
> Enterprise High Performance Computing Service
> Application Infrastructure Services
> Global Information Technology Infrastructure Services
> Need help?
> http://iticket.web.boeing.com/secure/create.aspx?id=serverhpc /
> 425-234-0911
>
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
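
Added example, not part of the thread and not written by either participant: a small triage script that lines up each "Can't contact LDAP server" error with the next successful resolution in an sssd backend log, so the gap between the two can be compared with the TTL the resolver reports. The function names `parse` and `correlate` are hypothetical; the sample entries are copied from the log quoted above, unwrapped to one entry per line.

```python
import re
from datetime import datetime

# Entries copied from the log quoted in this thread, one entry per line.
SAMPLE = """\
(Wed Apr 17 06:31:22 2019) [sssd[be[default]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [get_server_status] (0x0100): Hostname resolution expired, resetting the server status of 'XXXXX.boeing.com'
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_resolve_server_process] (0x0200): Found address for server XXXXX.boeing.com: [10.234.125.55] TTL 13
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'XXXXX.boeing.com' as 'working'
"""

ENTRY = re.compile(r"^\((?P<ts>[^)]+)\) \[(?P<proc>\S+)\] \[(?P<func>\w+)\] "
                   r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
FOUND = re.compile(r"Found address for server (?P<host>\S+): \[(?P<ip>[^\]]+)\] TTL (?P<ttl>\d+)")
EXPIRED = re.compile(r"Hostname resolution expired, resetting the server status of '(?P<host>[^']+)'")


def parse(text):
    """Return one dict per well-formed log entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%a %b %d %H:%M:%S %Y")
        entries.append(e)
    return entries


def correlate(entries):
    """Pair each LDAP connection error with the next successful resolution."""
    reports, pending, expired_hosts = [], [], set()
    for e in entries:
        if e["func"] == "sdap_process_result" and "Can't contact LDAP server" in e["msg"]:
            pending.append(e["ts"])          # error line does not name the server
        elif (m := EXPIRED.search(e["msg"])):
            expired_hosts.add(m["host"])
        elif (m := FOUND.search(e["msg"])):
            for err_ts in pending:
                reports.append({
                    "error_at": err_ts, "host": m["host"], "ip": m["ip"],
                    "ttl": int(m["ttl"]),
                    "gap_seconds": int((e["ts"] - err_ts).total_seconds()),
                    "expiry_logged": m["host"] in expired_hosts,
                })
            pending.clear()
    return reports


if __name__ == "__main__":
    for report in correlate(parse(SAMPLE)):
        print(report)
```

The pairing is by time only, since the `ldap_result error` entry carries no server name; on a host with several configured LDAP servers the report shows which server was resolved next, not which one the failed connection was using.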
