We are seeing the following in our sssd_default.log which appears to coincide with some authentication failures. What would cause the hostname resolution to expire? Can we change the length of whatever timeout might be causing this?

Sorry, I have to obfuscate the hostnames per company policy. The host “XXXXX.boeing.com” is in the sssd.conf file under the [domain/default] section as:

ldap_uri = ldaps://XXXXX.boeing.com

(Wed Apr 17 06:30:20 2019) [sssd[be[default]]] [be_get_account_info] (0x0200): Got request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=5928]

(Wed Apr 17 06:30:20 2019) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success

(Wed Apr 17 06:31:22 2019) [sssd[be[default]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_get_account_info] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][1][name=nss8297]

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [get_server_status] (0x0100): Hostname resolution expired, resetting the server status of 'XXXXX.boeing.com'

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'XXXXX.boeing.com' as 'name not resolved'

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'XXXXX.boeing.com' in files

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'XXXXX.boeing.com' as 'resolving name'

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'XXXXX.boeing.com' in files

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'XXXXX.boeing.com' in DNS

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'XXXXX.boeing.com' as 'name resolved'

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_resolve_server_process] (0x0200): Found address for server XXXXX.boeing.com: [10.234.125.55] TTL 13

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [sdap_get_server_opts_from_rootdse] (0x0200): No known USN scheme is supported by this server!

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [simple_bind_send] (0x0100): Executing simple bind as: cn=YYYYY.boeing.com.*,nisMapName=netGroup.byhost,ou=enterprise,ou=unix,ou=accounts,o=boeing,c=us

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port 636 of server 'XXXXX.boeing.com' as 'working'

(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'XXXXX.boeing.com' as 'working'

Gareth Beale (bemsid: 45600)
Enterprise High Performance Computing Service

Application Infrastructure Services

Global Information Technology Infrastructure Services

Need help? http://iticket.web.boeing.com/secure/create.aspx?id=serverhpc / 425-234-0911
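
An added example, not part of the original message and not SSSD code: a Python script that parses debug lines in the format shown above and pairs each "Hostname resolution expired" event with the TTL logged when the address is found again, the time since the last `ldap_result error`, and the time until the server is marked 'working'. The sample lines, the hostname `ldap.example.test`, the address `192.0.2.10` and the function names are constructed for this example.

```python
import re
from datetime import datetime

# Constructed sample in the same format as the excerpt; host and IP are placeholders.
SAMPLE = """\
(Wed Apr 17 06:31:22 2019) [sssd[be[default]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [get_server_status] (0x0100): Hostname resolution expired, resetting the server status of 'ldap.example.test'
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_resolve_server_process] (0x0200): Found address for server ldap.example.test: [192.0.2.10] TTL 13
(Wed Apr 17 06:35:57 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'ldap.example.test' as 'working'
(Wed Apr 17 06:50:03 2019) [sssd[be[default]]] [get_server_status] (0x0100): Hostname resolution expired, resetting the server status of 'ldap.example.test'
"""

LINE = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\S*\] \[(?P<func>\w+)\] "
                  r"\(0x[0-9a-fA-F]+\): (?P<msg>.*)$")
EXPIRED = re.compile(r"Hostname resolution expired, resetting the server status of '([^']+)'")
FOUND = re.compile(r"Found address for server (\S+): \[([^\]]+)\] TTL (\d+)")
WORKING = re.compile(r"Marking server '([^']+)' as 'working'")

def parse(text):
    """Yield (timestamp, function, message) for each well-formed log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # blank or foreign lines are skipped
            yield datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["func"], m["msg"]

def resolution_cycles(text):
    """Pair each 'resolution expired' event with the TTL and recovery that follow it."""
    cycles, pending, last_err = [], {}, None
    for ts, _func, msg in parse(text):
        if "ldap_result error" in msg:
            last_err = ts
        elif (m := EXPIRED.search(msg)):
            if m[1] in pending:  # previous expiry never reached 'working'; keep it
                cycles.append(pending.pop(m[1]))
            gap = (ts - last_err).total_seconds() if last_err else None
            pending[m[1]] = {"server": m[1], "expired_at": ts, "address": None, "ttl": None,
                             "secs_since_ldap_error": gap, "recovered_after": None}
        elif (m := FOUND.search(msg)) and m[1] in pending:
            pending[m[1]].update(address=m[2], ttl=int(m[3]))
        elif (m := WORKING.search(msg)) and m[1] in pending:
            cycle = pending.pop(m[1])
            cycle["recovered_after"] = (ts - cycle["expired_at"]).total_seconds()
            cycles.append(cycle)
    return cycles + list(pending.values())  # trailing entries never reached 'working'

if __name__ == "__main__":
    for c in resolution_cycles(SAMPLE):
        print(c)
```

Run over a full sssd_default.log, entries whose `recovered_after` is `None` or large are the ones to line up against the authentication failures.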