Craig White wrote:
> *From:* Dmitri Pal [mailto:[email protected]]
> *Sent:* Tuesday, October 28, 2014 5:10 PM
> *To:* Craig White; [email protected]
> *Subject:* Re: [Freeipa-users] getent passwd / group [SOLVED]
>
> On 10/28/2014 04:41 PM, Craig White wrote:
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Craig White
> *Sent:* Tuesday, October 28, 2014 1:28 PM
> *To:* [email protected]; [email protected]
> *Subject:* Re: [Freeipa-users] getent passwd / group [SOLVED]
>
> *From:* Dmitri Pal [mailto:[email protected]]
> *Sent:* Tuesday, October 28, 2014 10:04 AM
> *To:* Craig White; [email protected]
> *Subject:* Re: [Freeipa-users] getent passwd / group
>
> On 10/28/2014 12:11 PM, Craig White wrote:
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Dmitri Pal
> *Sent:* Monday, October 27, 2014 5:32 PM
> *To:* [email protected]
> *Subject:* Re: [Freeipa-users] getent passwd / group
>
> On 10/27/2014 07:38 PM, Craig White wrote:
>
> RHEL 6.5 new install
>
> ipa-server-3.0.0-42.el6.x86_64
>
> 389-ds-base-1.2.11.15-47.el6.x86_64
>
> On the master, I get nothing
>
> [root@ipa001 log]# getent passwd admin
>
> [root@ipa001 log]#
>
> But it works on the replica as expected
>
> [root@ipa002nadev01 ~]# getent passwd admin
>
> admin:*:1140000000:1110000000:Administrator:/home/admin:/bin/bash
>
> I am used to using PADL / NSSWITCH with OpenLDAP and I am rather surprised that on both, getent passwd and getent group return only entries from local files but then again, I've never used sssd before.
>
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>
> Then we need SSSD logs with the debug_level in the right sections as Jakub mentioned in his mail.
> ----
>
> Sorry I had a long meeting and should have noted that after restarting SSSD, it all started working again as expected. Clearly something I have to watch for and indeed, I moved the debug to the domain section for future.
>
> I should add came to the realization that restarting sssd and went to long meeting, then came back and couldn't log into ipa console or Kerberos and had to restart IPA service to restart Kerberos.
>
> IPA is logging nothing.
>
> This is not the first time I have had to go through this cycle - it seems that somehow, the IPA server is sensitive to the SSSD daemon and if the SSSD goes haywire, when I restart SSSD, IPA is not functioning and must be restarted too.
>
> Thanks
>
> Craig
>
> Is this on the same server?
> ----
>
> Yes, same server - the one I call the master. The first one I set up. I'm getting tuned in to the checking the status of dirsrv and ipa but now I know to check the status of the sssd too.
>
> Seems like it crashes a little too easily - I doubt I did much to harm it - I am fairly experienced with OpenLDAP and in fact used 389-server back when it was called FedoraDS.
>
> But it is running now, and seemingly will stay running for some time and I am upping the logging and watching for a crash like Richard said to provide some debug logs if possible. Sort of wish I could have just started with RHEL 7 and the updated IPA.

Ok, and to be clear if it crashes again Rich needs to get a stacktrace. Logs won't be enough.

rob
