On Thu, Jan 09, 2020 at 03:20:32PM -0700, Orion Poplawski wrote: > I'm seeing the following in my sssd_DOMAIN.log:
Hi, which version of SSSD are you using and how does your sssd.conf looks like? > > (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [be_resolve_server_process] > (0x0200): Found address > for server SERVER.DOMAIN: [XX.XX.XX.XX] TTL 86400 > (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [ipa_resolve_callback] (0x0400): > Constructed uri 'ldap://SERVER.DOMAIN' > > (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [fo_get_server_hostent] > (0x0020): Bug: Trying to get hostent from a name-less server Do you see this all the time or only for a particular server? > (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] > [write_krb5info_file_from_fo_server] (0x0020): Server without name and address > found in list. > > (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] > [krb5_add_krb5info_offline_callback] (0x4000): Removal callback already > available for service [IPA]. > > Are the messages in the middle anything to worry about? Doesn't sound > particularly good. Some time ago the handling of the krb5info files for the Kerberos locator plugin was enhanced by adding not only the IP address of the current KDC to the file but the names of the next ones SSSD would consider as well. With this other Kerberos clients have a chance to fall back to other KDC if the one currently preferred by SSSD in not available anymore and SSSD so far didn't notice this. The error comes from this part of the code. So I think the worst case would be that some KDC names in the krb5info file might be missing. HTH bye, Sumit > > Thanks, > > Orion > > -- > Orion Poplawski > Manager of NWRA Technical Systems 720-772-5637 > NWRA, Boulder/CoRA Office FAX: 303-415-9702 > 3380 Mitchell Lane [email protected] > Boulder, CO 80301 https://www.nwra.com/ > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
