Carl E. Ma wrote: > Thanks for all your responses! Yes, the GSS proxy is not available on > RHEL-6. For the time being, we can live with krb5_renewable_lifetime = > 365d. > > For my own curiosity, what kind of debugging tips or recommendations > included in BZ - https://bugzilla.redhat.com/show_bug.cgi?id=846109, > which I can't access with regular Redhat Bugzilla account? > > Thanks a lot, >
Probably the easiest way to get more information about where the problem is occurring is to get an autofs debug log during the test procedure. I see you already have LOGGING="debug" in your autofs configuration so all that needs to be done is ensure syslog is sending deamon level log messages to the log. I usually just add a line like: *.daemon /var/log/daemon to the syslog configuration. I always "touch /var/log/daemon" before restarting syslog as a matter of habit. I don't know if rsyslog will create the log file if it doesn't already exist. Basically, if we don't see a second mount request in the log at all then the issue is occuring before the login process is attempting to access the home directory. If we do see such a request then we may be able to see where autofs blocks (if it does block) such as when calling mount(8) (although more likley mount.nfs(8)). rob > carl > > > From: Rob Crittenden <rcritten redhat com> > To: dpal redhat com, freeipa-users redhat com > Subject: Re: [Freeipa-users] weird behavior on centos 6 > Date: Thu, 15 May 2014 09:46:28 -0400 > > Dmitri Pal wrote: > > On 05/14/2014 06:12 PM, Carl E. Ma wrote: > > Hello, > > Recently I realized our centos 6 freeipa clients hangs randomly. > With > some research, the issue is related to autofs bug, which was > mentioned > year ago - Automount fails for IPA user when kerberos ticket is > expired, ssh hangs (https://fedorahosted.org/freeipa/ticket/2980). > This ticket was closed with comment - "closed defect: invalid". > > My workaround is extending ticket_lifetime to 24h and > renew_lifetime > to 365d. I wonder whether there is better solution or some > insights of > this bug. > > Thanks, > > carl > > > Read about GSS proxy. > > > I don't believe gss-proxy is available for RHEL-6 and backporting is > unlikely. > > > The ticket is closed but the associated BZ is still open, > https://bugzilla.redhat.com/show_bug.cgi?id=846109 and has some > debugging tips and other recommendations. > > > rob > > > > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
