On 2012-08-23 11:18, Jakub Hrozek wrote:
> On Thu, Aug 23, 2012 at 11:07:31AM +0200, Franky Van Liedekerke wrote:
> > Hi,
> >
> > I just had a weird situation: one of my servers suddenly no longer
> > allowed me to log in (pam auth via sssd).
> > Looking in the log for sssd, I had this message once every minute:
> >
> > [sssd[pam]] [pam_dp_reconnect_init] (0): Could not reconnect to LDAP provider.
> >
> > Also, "getent passwd" no longer showed any ldap users.
> > Everything seemed correct, also the ldap servers, so I just
> > restarted the sssd daemon and all was well again.
> > Shouldn't the retry options of sssd just do that?
> > I have this as sssd config (obfuscated a bit):
> >
> Most likely this means the Data Provider had crashed. Can you check syslog
> for messages that would indicate a crash?
>
> The Data Provider should have respawned and the PAM Provider should have
> reconnected, though.. I just ran a quick-n-dirty test locally, killed the
> sssd_be process and the sssd_pam reconnected fine for me..
>
> Unfortunately it seems that debugging is completely off according to
> your config file, I assume that there is nothing interesting in
> /var/log/sssd/*.log ?

In sssd_pam, I have these messages starting from Aug 19 (every minute):

(Sun Aug 19 05:09:28 2012) [sssd[pam]] [pam_dp_reconnect_init] (0): Could not reconnect to LDAP provider.

but in syslog I only have this one line from Aug 20:

Aug 20 16:46:45 bqsma0001ap sssd[be[LDAP]]: LDAP connection error: (null)

For the rest there's no log (since of course it's a prod system). Is
there a logging level I can safely set that will not fill my partition?
Also, for completeness: version sssd-1.5.1-66.el6_2.3.x86_64 on CentOS
6.2. Maybe some patch after that version fixed it, since 1.8 is already
released.

Franky
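
The following is an added example, not part of the original thread and not SSSD project code: a small monitoring check that scans sssd_pam.log lines in the format quoted above and reports sustained runs of the "Could not reconnect" message, so an authentication outage like this one is noticed before users are locked out. The function name, the thresholds and every sample line except the first are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Line format of the sssd_pam.log entry quoted in this thread.
LINE_RE = re.compile(
    r"^\((?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\) "
    r"\[sssd\[pam\]\] \[pam_dp_reconnect_init\] \(\d+\): "
    r"Could not reconnect to (?P<domain>\S+) provider\.")

def find_outages(lines, min_duration=timedelta(minutes=5),
                 max_gap=timedelta(minutes=2)):
    """Return (domain, first, last, count) for every run of reconnect
    failures lasting at least min_duration. A run ends when the next
    failure arrives more than max_gap after the previous one."""
    open_runs, closed = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        run = open_runs.get(m["domain"])
        if run and ts - run[1] <= max_gap:
            run[1], run[2] = ts, run[2] + 1  # extend the current run
        else:
            if run:
                closed.append((m["domain"], *run))
            open_runs[m["domain"]] = [ts, ts, 1]  # start a new run
    closed.extend((d, *r) for d, r in open_runs.items())
    return [r for r in closed if r[2] - r[1] >= min_duration]

# Constructed sample: the first line is the one quoted in the thread, the
# rest are made up to mimic "once every minute" plus one isolated failure.
MSG = "[sssd[pam]] [pam_dp_reconnect_init] (0): Could not reconnect to LDAP provider."
SAMPLE = [f"(Sun Aug 19 05:{m:02d}:28 2012) {MSG}" for m in range(9, 16)]
SAMPLE += ["(Sun Aug 19 05:16:00 2012) [sssd[pam]] [unrelated] (0): noise",
           f"(Sun Aug 19 09:00:00 2012) {MSG}"]

if __name__ == "__main__":
    for dom, first, last, n in find_outages(SAMPLE):
        print(f"{dom}: {n} failed reconnects from {first} to {last}")
```

A single failed reconnect is ignored; only a run that persists past `min_duration` is reported, which matches the symptom in this thread where the message repeated every minute until sssd was restarted.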