On Wed, Sep 19, 2018 at 02:04:28PM +0200, Harald Dunkel via FreeIPA-users wrote:
Hi folks,
I read somewhere that it is not recommended to run nscd to cache
passwd on ipa clients, but I wonder: What if?
It's not technically impossible, but you'd get one more caching layer,
so the setup would be less predictable, e.g. knowing where did a NSS
reply come from is more complex, it could be from nscd, it could be from
sssd, ...
I still have the problem that sometimes some sssd components
disappear somehow, e.g. sssd_pam. The logfile on our mail gateway
said
:
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[0]: Success.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter]
not available, not fatal.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 74
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[4]: System error.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter]
not available, not fatal.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[4]: System error.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter]
not available, not fatal.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): Client already
disconnected
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [pam_dp_process_reply] (0x0080): Client already
disconnected
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0020): Performing
auto-reconnect
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting.
Deferring.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting.
Deferring.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting.
Deferring.
(Tue Sep 18 22:34:28 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is reconnecting.
Deferring.
This indicated a crash in sssd_be...I don't know Debian almost at all,
but I would check the syslog for evidence..
> :
> :
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req
returned 11
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with
result [4]: System error.
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [filter_responses] (0x0100):
[pam_response_filter] not available, not fatal.
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 26
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is
reconnecting. Deferring.
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [client_recv] (0x0200): Client disconnected!
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is
reconnecting. Deferring.
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is
reconnecting. Deferring.
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is
reconnecting. Deferring.
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is
reconnecting. Deferring.
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_dispatch] (0x0400): SBUS is
reconnecting. Deferring.
> :
> :
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection
attempt 1 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_aixigo.de]
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected to
[unix:path=/var/lib/sss/pipes/private/sbus-dp_aixigo.de]
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [sbus_conn_register_path] (0x0400):
Registering object path /org/freedesktop/sssd/responder with D-Bus connection
> (Tue Sep 18 22:34:29 2018) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected
to the Data Provider.
> :
>
> Some EMails were bounced with user unknown at the same time, so I would
> guess there is a coincidence. Question is, could nscd be an option here,
> providing an additional cache for user accounts? What side effects could
> come up?
>
> Platform is Debian 9, sssd is version 1.16.2, nscd version 2.24.
>
>
> Every helpful comment is highly appreciated.
> Regards
> Harri
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...