Hi,
I have sssd + autofs working properly on 20+ machines. Recently, 1 of those machines has not been functioning properly (it might be linked to a power failure). Essentially, after any user logs into the machine, they get a: .bashrc: permission denied
I thought that this could have been linked to a corrupt cache, so I deleted everything in my /var/lib/sss/db folder and restarted sssd. This didn't fix my problem.
Does anyone else have some suggestions as to what I can try? My logs are very large (6.5GB), so I could post them, but maybe they aren't necessary since maybe someone knows what the problem is.
Thanks!
Thomas
Hi,
I forgot to mention that after a user logs in and gets a permission denied, if I do: klist, there is no Kerberos ticket.
Thomas
On (10/10/17 14:14), Thomas Beaudry wrote:
> Hi,
> I forgot to mention that after a user logs in and gets a permission denied, if I do: klist, there is no Kerberos ticket.
> Thomas
>
> From: Thomas Beaudry Sent: Tuesday, October 10, 2017 10:13 AM To: sssd-users@lists.fedorahosted.org Subject: debugging sssd / autofs problem
> Hi,
> I have sssd + autofs working properly on 20+ machines. Recently, 1 of those machines has not been functioning properly (it might be linked to a power failure). Essentially, after any user logs into the machine, they get a: .bashrc: permission denied
> I thought that this could have been linked to a corrupt cache, so I deleted everything in my /var/lib/sss/db folder and restarted sssd. This didn't fix my problem.
> Does anyone else have some suggestions as to what I can try? My logs are very large (6.5GB), so I could post them, but maybe they aren't necessary since maybe someone knows what the problem is.

Some debugging info is described on page https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
Your log is really huge. How old is it? Maybe it will help if you remove/truncate log files and restart sssd.
And I would expect some error in the domain log file. sssd_autofs is quite stable.
BTW I sometimes filter the most critical messages with a simple grep:
    grep -nE "(0x00[1-9]0)" /var/log/sssd/sssd_default.log
And then I try to find the first relevant error in the log file and check the previous lines.
HTH
LS
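
The filtering approach described in the reply above, as an added example that is not part of the original thread: it locates the first failure-level message (SSSD debug levels 0x0010 to 0x0080) and prints the lines leading up to it, plus a per-level count. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Same level filter as the grep above, but with literal parentheses so that
# only the "(0x00N0)" level field matches, not hex values inside messages.
SSSD_FAIL_RE='\(0x00[1-9]0\)'

# Print the line number of the first failure-level message (empty if none).
first_failure_line() {
    grep -nE "$SSSD_FAIL_RE" "$1" | head -n 1 | cut -d: -f1
}

# Print the first failure-level message preceded by up to $2 context lines.
first_failure_context() {
    file=$1; ctx=${2:-5}
    n=$(first_failure_line "$file")
    [ -n "$n" ] || return 1            # no failure-level message in the log
    start=$((n - ctx)); [ "$start" -ge 1 ] || start=1
    sed -n "${start},${n}p" "$file"
}

# Print "LEVEL=COUNT" for each failure level present in the log.
count_failures() {
    grep -oE "$SSSD_FAIL_RE" "$1" | sort | uniq -c | awk '{print $2 "=" $1}'
}

# Constructed sample in the sssd_default.log line layout (not real output).
make_sample_log() {
    cat > "$1" <<'EOF'
(Tue Oct 10 10:12:58 2017) [sssd[be[default]]] [sample_resolve] (0x0400): constructed: resolving server
(Tue Oct 10 10:12:59 2017) [sssd[be[default]]] [sample_connect] (0x0200): constructed: connecting
(Tue Oct 10 10:13:00 2017) [sssd[be[default]]] [sample_connect] (0x0040): constructed: connection failed
(Tue Oct 10 10:13:01 2017) [sssd[be[default]]] [sample_offline] (0x1000): constructed: going offline
(Tue Oct 10 10:13:02 2017) [sssd[be[default]]] [sample_auth] (0x0020): constructed: authentication failed
EOF
}

log=$(mktemp)
make_sample_log "$log"
first_failure_context "$log" 2   # two context lines, then the first failure
count_failures "$log"
rm -f "$log"
```

On a multi-gigabyte log, run the count first to see whether the volume comes from failures or from a high debug_level producing trace output.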
Hi Again,
User feedback indicates that my Kerberos tickets are being destroyed, since they aren't showing up when they type klist even though they were created 30 minutes ago, and set to expire in 10 hours.
Thomas
On (10/10/17 20:18), Thomas Beaudry wrote:
> Hi Again,
> User feedback indicates that my Kerberos tickets are being destroyed, since they aren't showing up when they type klist even though they were created 30 minutes ago, and set to expire in 10 hours.

I am a little bit lost. Do you have a problem with autofs, in that sssd does not provide maps from the LDAP server?
Or is there a problem with user authentication, such that you did not get a valid ticket? It might happen when sssd is in offline mode and offline authentication was used.
LS
Hi Lukas,
I'm sorry I wasn't clear enough; the problem has been evolving, and I no longer think there is an issue with autofs.
Essentially what is happening on 1 machine is that Kerberos tickets are getting destroyed before their expiration. These tickets should be valid for 10 hours, but after 30+ mins, when a user types klist, they don't see their ticket anymore.
Thomas
On (11/10/17 14:44), Thomas Beaudry wrote:
> Hi Lukas,
> I'm sorry I wasn't clear enough; the problem has been evolving, and I no longer think there is an issue with autofs.
> Essentially what is happening on 1 machine is that Kerberos tickets are getting destroyed before their expiration. These tickets should be valid for 10 hours, but after 30+ mins, when a user types klist, they don't see their ticket anymore.

What type of Kerberos ccache do you use? FILE, DIR, KEYRING ...
Because sssd does not call an equivalent of "kdestroy". It can refresh the krb5 ticket if it is online and the option krb5_renew_interval is configured. You can find more details in man sssd-krb5.
LS
Hi,
I am using FILE. From my /etc/krb5.conf:
    default_ccache_name = FILE:/tmp/krb5cc_%{uid}
I am also not using krb5_renew_interval. Maybe someone else is causing these tickets to be destroyed.
Thomas
sssd-users@lists.fedorahosted.org