On (19/05/17 11:31), Joakim Tjernlund wrote:
> On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote:
> > On (19/05/17 10:37), Joakim Tjernlund wrote:
> > > On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote:
> > > > I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server.
> > > > Can you paste your sssd.conf also?
> > >
> > > I'm not using a VPN, local ethernet (got wifi too but in this case eth is connected)
> > >
> >
> > And the log file says there are problems with resolution of DNS names.
> >
> > e.g.
> > [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc01.infinera.com': Could not contact DNS servers
> > [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc02.infinera.com': Could not contact DNS servers
> > [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc01.infinera.com': Could not contact DNS servers
> > [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers
> >
> > Therefore sssd works in offline mode and therefore cannot renew a ticket.
>
> ping and nslookup work fine, I just did a new lock unlock and this is the log from that action.
> I still did not get a new ticket.
>
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'neutral'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in files
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'resolving name'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc02.infinera.com' in files
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in DNS
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name resolved'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server sv-dc02.infinera.com: [10.100.98.22] TTL 3600

Looks like the name was properly resolved here.

> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://sv-dc02.infinera.com'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://sv-dc02.infinera.com'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_primary_server_timeout_activate] (0x0400): The primary server reconnection is already scheduled
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent!
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [authenticate_stored_users] (0x0020): User [jocke(a)infinera.com] is still logged in, trying online authentication.

SSSD tried to authenticate online here.

> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15431].
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15431] finished successfully.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_send] (0x1000): Request [0xefd900] successfully added to wait queue of user [jocke(a)infinera.com].
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'not working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'not working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name resolved'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'not working'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_mark_dom_offline] (0x1000): Marking back end offline
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_enable] (0x0400): Task [Check if online (periodic)]: enabling task
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 81 seconds from now [1495193169]
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent!
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x0020): message too short.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_done] (0x0040): Could not parse child response [22]: Invalid argument
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_done] (0x0040): krb5_auth_recv failed with: 22
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0020): krb5_auth request failed.
> (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0200): Giving back pam data.

But the renew failed and sssd went offline.

Could you truncate the sssd log files (truncate -s 0 /var/log/sssd/*), then try to reproduce one more time and provide not only the domain log file but also the *child log files? Attachments or pastebin are usually better than direct inclusion of logs into mail.
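
An added example, not part of the original message and not SSSD code: a small Python triage over SSSD domain-log lines that records each server's last name and port state before the back end is marked offline, which separates "name not resolved" from "name resolved but port not working". The sample lines are constructed in the format of the excerpt above; `triage`, `dns_is_the_cause` and the `example.com` hosts are hypothetical names.

```python
import re

# Layout of an SSSD debug line as it appears in the excerpt quoted above.
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>.+?)\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]{4})\): (?P<msg>.*)$")
NAME_RE = re.compile(r"(?:Status of|Marking) server '([^']+)' (?:is|as) '([^']+)'")
PORT_RE = re.compile(
    r"port \d+ (?:of|for) (?:duplicate )?server '([^']+)' (?:is|as) '([^']+)'")

# Constructed sample input (not taken from a real system).
SAMPLE = """\
(Fri May 19 13:24:48 2017) [sssd[be[example.com]]] [set_server_common_status] (0x0100): Marking server 'dc1.example.com' as 'name resolved'
(Fri May 19 13:24:48 2017) [sssd[be[example.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'dc1.example.com' as 'not working'
(Fri May 19 13:24:48 2017) [sssd[be[example.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Fri May 19 13:24:48 2017) [sssd[be[example.com]]] [be_mark_dom_offline] (0x1000): Marking back end offline
(Fri May 19 13:24:48 2017) [sssd[be[example.com]]] [renew_tgt_done] (0x0020): krb5_auth request failed.
""".splitlines()


def triage(lines):
    """Track per-server name/port state up to the moment the back end goes offline."""
    servers, failures, offline_at = {}, [], None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # wrapped continuation or non-SSSD line
        msg = m["msg"]
        if offline_at is None:
            if (p := PORT_RE.search(msg)):
                servers.setdefault(p[1], {})["port"] = p[2]
            elif (n := NAME_RE.search(msg)):
                servers.setdefault(n[1], {})["name"] = n[2]
            if m["func"] == "be_mark_dom_offline":
                offline_at = m["ts"]
        if int(m["level"], 16) <= 0x0040:  # fatal, critical and serious failures
            failures.append((m["func"], msg))
    return {"servers": servers, "offline_at": offline_at, "failures": failures}


def dns_is_the_cause(result):
    """True only if no tracked server ever reached a resolved name."""
    states = result["servers"].values()
    return bool(states) and all(
        s.get("name") in (None, "name not resolved") for s in states)


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The regular expressions expect one log entry per line, so a log that a mail client has wrapped needs its lines rejoined first.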