Hello,
I am encountering a persistent issue with sssd intermittently identifying the ipa backend as offline and failing to return online. Initially, I temporarily resolved this by restarting the service, but the problem persists without a permanent solution. I am reluctant to restart the service each time a user encounters this issue.
When sssd indicates that the backend is Offline in the logs, I can successfully execute 'id' and 'kinit' commands for the affected user. The 'id' command retrieves the actual groups stored in FreeIPA, confirming that FreeIPA is operational and healthy. However, sssd seems to disagree and indicates otherwise.
I've provided a link to a comprehensive log file containing all entries from /var/log/sssd/ during the SSH login attempt for the 'test-user-ssh':
https://disk.yandex.ru/d/NgiMAHUxgh24Dw
My system configurations are as follows:
sssd version: sssd-2.6.1-alt2.x86_64
freeipa-client version: freeipa-client-4.8.9-alt4.c9f2.3.x86_64

Here is a snippet of my sssd.conf file, in its default state post ipa-client-install:

[domain/custom.in-realm.domain]
id_provider = ipa
ipa_server = ipa-01.my-realm.internal
ipa_domain = custom.in-realm.domain
ipa_hostname = studio-01.custom.in-realm.domain
krb5_realm = MY-REALM.INTERNAL
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True

[sssd]
config_file_version = 2
services = nss, pam, ssh, sudo
user = _sssd
domains = custom.in-realm.domain

[nss]

[ssh]

[sudo]

Any insights or assistance in resolving this recurring sssd issue would be greatly appreciated.

Seems the mailing list got abandoned. Try raising an issue on https://github.com/SSSD/sssd ... it seems a bit more alive.
On Mon, 20 Nov 2023 at 13:24, dweller dweller vudex@yandex.ru wrote: