I'm seeing the following in my sssd_DOMAIN.log:
(Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0200): Found address for server SERVER.DOMAIN: [XX.XX.XX.XX] TTL 86400
(Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://SERVER.DOMAIN'
(Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [fo_get_server_hostent] (0x0020): Bug: Trying to get hostent from a name-less server
(Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [write_krb5info_file_from_fo_server] (0x0020): Server without name and address found in list.
(Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [krb5_add_krb5info_offline_callback] (0x4000): Removal callback already available for service [IPA].
Are the messages in the middle anything to worry about? Doesn't sound particularly good.
Thanks,
Orion
On Thu, Jan 09, 2020 at 03:20:32PM -0700, Orion Poplawski wrote:
> I'm seeing the following in my sssd_DOMAIN.log:
Hi,
which version of SSSD are you using and what does your sssd.conf look like?
> (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0200): Found address for server SERVER.DOMAIN: [XX.XX.XX.XX] TTL 86400
> (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://SERVER.DOMAIN'
> (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [fo_get_server_hostent] (0x0020): Bug: Trying to get hostent from a name-less server
Do you see this all the time or only for a particular server?
> (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [write_krb5info_file_from_fo_server] (0x0020): Server without name and address found in list.
> (Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] [krb5_add_krb5info_offline_callback] (0x4000): Removal callback already available for service [IPA].
> Are the messages in the middle anything to worry about? Doesn't sound particularly good.
Some time ago the handling of the krb5info files for the Kerberos locator plugin was enhanced by adding not only the IP address of the current KDC to the file but the names of the next ones SSSD would consider as well. With this, other Kerberos clients have a chance to fall back to another KDC if the one currently preferred by SSSD is not available anymore and SSSD so far didn't notice this.
The error comes from this part of the code. So I think the worst case would be that some KDC names in the krb5info file might be missing.
HTH
bye, Sumit
> Thanks,
> Orion
> -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 https://www.nwra.com/
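An added example (not part of the thread and not SSSD code): one way to check whether the name-less server errors quoted above show up all the time or only around a particular server. It splits run-together log entries and counts the 0x0010/0x0020 entries by the server resolved just before them. The sample log, host names and addresses are constructed, and the grouping is a heuristic.

```python
import re
from collections import Counter

# One SSSD debug entry header: (timestamp) [process] [function] (0xLEVEL):
ENTRY = re.compile(
    r"\((?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})\) "
    r"\[(?P<proc>sssd\S*)\] \[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): "
)
RESOLVED = re.compile(r"Found address for server (\S+):")

def parse(text):
    """Yield one dict per entry, even when several entries share a line."""
    hits = list(ENTRY.finditer(text))
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        yield {**m.groupdict(), "level": int(m["level"], 16),
               "msg": text[m.end():end].strip()}

def failures_by_server(text, max_level=0x0020):
    """Count entries at or below max_level (0x0010 fatal, 0x0020 critical),
    keyed by (last resolved server, logging function). Heuristic: the key is
    the server resolved just before the error, not necessarily its cause."""
    current, counts = None, Counter()
    for e in parse(text):
        found = RESOLVED.search(e["msg"])
        if e["func"] == "be_resolve_server_process" and found:
            current = found.group(1)
        elif e["level"] <= max_level:
            counts[(current, e["func"])] += 1
    return counts

# Constructed sample in the format quoted above; hosts and IPs are made up.
P = "(Thu Jan 9 15:03:30 2020) [sssd[be[DOMAIN]]] "
SAMPLE = (
    P + "[be_resolve_server_process] (0x0200): Found address for server ipa1.example.test: [192.0.2.10] TTL 86400 "
    + P + "[ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ipa1.example.test'\n"
    + P + "[fo_get_server_hostent] (0x0020): Bug: Trying to get hostent from a name-less server "
    + P + "[write_krb5info_file_from_fo_server] (0x0020): Server without name and address found in list.\n"
    + P + "[be_resolve_server_process] (0x0200): Found address for server ipa2.example.test: [192.0.2.11] TTL 86400\n"
    + P + "[ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ipa2.example.test'\n"
)

if __name__ == "__main__":
    for (server, func), n in failures_by_server(SAMPLE).items():
        print(f"{n:3d}  {server}  {func}")
```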