We are seeing the following in our sssd_default.log which appears to coincide with some
authentication failures. What would cause the hostname resolution to expire? Can we change
the length of whatever timeout might be causing this?
Sorry I have to obfuscate the hostnames per company policy. The host
"XXXXX.boeing.com" is in the sssd.conf file under the [domain/default] section
as:
ldap_uri =
ldaps://XXXXX.boeing.com
(Wed Apr 17 06:30:20 2019) [sssd[be[default]]] [be_get_account_info] (0x0200): Got request
for [0x1002][FAST BE_REQ_GROUP][1][idnumber=5928]
(Wed Apr 17 06:30:20 2019) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request
processed. Returned 0,0,Success
(Wed Apr 17 06:31:22 2019) [sssd[be[default]]] [sdap_process_result] (0x0040): ldap_result
error: [Can't contact LDAP server]
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_get_account_info] (0x0200): Got request
for [0x3][BE_REQ_INITGROUPS][1][name=nss8297]
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying
to resolve service 'LDAP'
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [get_server_status] (0x0100): Hostname
resolution expired, resetting the server status of 'XXXXX.boeing.com'
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100):
Marking server 'XXXXX.boeing.com' as 'name not resolved'
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100):
Trying to resolve A record of 'XXXXX.boeing.com' in files
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100):
Marking server 'XXXXX.boeing.com' as 'resolving name'
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100):
Trying to resolve AAAA record of 'XXXXX.boeing.com' in files
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_next] (0x0200): No
more address families to retry
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_dns_query] (0x0100):
Trying to resolve A record of 'XXXXX.boeing.com' in DNS
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100):
Marking server 'XXXXX.boeing.com' as 'name resolved'
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_resolve_server_process] (0x0200): Found
address for server
XXXXX.boeing.com: [10.234.125.55] TTL 13
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [sdap_get_server_opts_from_rootdse]
(0x0200): No known USN scheme is supported by this server!
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [simple_bind_send] (0x0100): Executing
simple bind as:
cn=YYYYY.boeing.com.*,nisMapName=netGroup.byhost,ou=enterprise,ou=unix,ou=accounts,o=boeing,c=us
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port
636 of server 'XXXXX.boeing.com' as 'working'
(Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100):
Marking server 'XXXXX.boeing.com' as 'working'
Gareth Beale (bemsid: 45600)
Enterprise High Performance Computing Service
Application Infrastructure Services
Global Information Technology Infrastrucure Services
Need help?
http://iticket.web.boeing.com/secure/create.aspx?id=serverhpc / 425-234-0911