On 02/22/2016 03:51 PM, Jakub Hrozek wrote: > > Is there anything else in the logs (/var/log/sssd/*) >
Only some events after sssd went away: srvvm01:/var/log/sssd# cat sssd.log.1 (Sun Feb 21 18:02:21 2016) [sssd] [monitor_restart_service] (0x0010): Process [nss], definitely stopped! srvvm01:/var/log/sssd# cat sssd_nss.log.1 (Sun Feb 21 18:02:15 2016) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services. (Sun Feb 21 18:02:15 2016) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector (Sun Feb 21 18:02:15 2016) [sssd[nss]] [nss_process_init] (0x0010): sss_process_init() failed (Sun Feb 21 18:02:17 2016) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services. (Sun Feb 21 18:02:17 2016) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector (Sun Feb 21 18:02:17 2016) [sssd[nss]] [nss_process_init] (0x0010): sss_process_init() failed (Sun Feb 21 18:02:21 2016) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services. (Sun Feb 21 18:02:21 2016) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector (Sun Feb 21 18:02:21 2016) [sssd[nss]] [nss_process_init] (0x0010): sss_process_init() failed srvvm01:/var/log/sssd# cat sssd_pac.log.1 (Sun Feb 21 18:02:31 2016) [sssd[pac]] [pac_dp_reconnect_init] (0x0010): Could not reconnect to example.com provider. > Do you run with enumeration enabled? > Nope. sssd.conf (as generated by ipa-client-install): [domain/example.com] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = example.com id_provider = ipa auth_provider = ipa access_provider = ipa ldap_tls_cacert = /etc/ipa/ca.crt ipa_hostname = srvvm01.example.com chpass_provider = ipa ipa_server = _srv_, ipa2.example.com dns_discovery_domain = example.com [sssd] services = nss, sudo, pam, ssh config_file_version = 2 domains = example.com [nss] homedir_substring = /home [pam] [sudo] [autofs] [ssh] [pac] [ifp] I have to mention that I missed to add ipa2.example.com to the local /etc/hosts. This is fixed now. sssd.conf says now : ipa_server = _srv_, ipa2.example.com, ipa1.example.com : Would you recommend to enable enumeration? Regards Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
