On (24/02/16 14:28), Marat Vyshegorodtsev wrote:
>> Are you just toying with this or did something go horribly wrong and
>> you're trying to restore a production environment?
>
>This. :-(
>
>I have actually rebuilt the environment from scratch, then wrote a
>perl script that just recreated all users from the ldif using ipa
>user-add and reset password for everyone.
>
>After the fresh install the following command was used for each user:
>ipa user-add --first='John' --last='Doe' --uid=1603600001 --gid=1603600001 --email='john....@contoso.com' --sshpubkey='ssh-rsa <keyhere>' --random john.doe
>
>I had to force uids/gids, so that users don't lose access to their home
>folders.
>
>I have regenerated keytabs on all client hosts, but now some
>weird behavior is demonstrated by sssd: users intermittently fail to
>login. This is a log from a client machine (Amazon Linux 2015.09):
>
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [accept_fd_handler] (0x0400): Client connected!
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Received client version [0].
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Offered version [0].
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [ssh_cmd_parse_request] (0x0400): Requested domain [<ALL>]
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [ssh_cmd_parse_request] (0x0400): Parsing name [marat.vyshegorodtsev][<ALL>]
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_parse_name_for_domains] (0x0200): name 'marat.vyshegorodtsev' matched without domain, user is marat.vyshegorodtsev
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_ssh_cmd_get_user_pubkeys] (0x0400): Requesting SSH user public keys for [marat.vyshegorodtsev] from [<ALL>]
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40b2d0:1:marat.vyshegorodt...@contoso.com]
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_dp_get_account_msg] (0x0400): Creating request for [contoso.com][1][1][name=marat.vyshegorodtsev]
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sbus_add_timeout] (0x2000): 0xb99c10
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40b2d0:1:marat.vyshegorodt...@contoso.com]
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sbus_remove_timeout] (0x2000): 0xb99c10
>(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Offline

sssd works in offline mode. You can find the reason/more details in
different log files (sssd_$domain.log).
You installed the server from scratch, so it might be a certificate issue
(just a wild guess).

LS
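
As an added example (not part of the original thread and not SSSD project code), this Python script scans responder debug lines in the format quoted above and reports Data Provider replies with a non-zero DP error code, such as the `Offline` reply. The sample lines and user names are constructed, and pairing a reply with the most recent key lookup is an assumption that only holds when requests are not interleaved.

```python
import re

# Responder debug line: (timestamp) [sssd[ssh]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>[^\]]+\])\] \[(?P<func>[^\]]+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
REPLY_RE = re.compile(
    r"DP error code: (?P<dp>\d+) errno: (?P<errno>\d+) error message: (?P<text>.*)"
)
USER_RE = re.compile(r"Requesting SSH user public keys for \[(?P<user>[^\]]+)\]")

# Constructed sample in the format of the log quoted above (user names are made up).
SAMPLE = """\
(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_ssh_cmd_get_user_pubkeys] (0x0400): Requesting SSH user public keys for [john.doe] from [<ALL>]
(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sbus_add_timeout] (0x2000): 0xb99c10
(Wed Feb 24 22:08:49 2016) [sssd[ssh]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Offline
(Wed Feb 24 22:09:10 2016) [sssd[ssh]] [sss_ssh_cmd_get_user_pubkeys] (0x0400): Requesting SSH user public keys for [jane.roe] from [<ALL>]
(Wed Feb 24 22:09:10 2016) [sssd[ssh]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
"""


def failed_dp_replies(log_text):
    """Return one dict per Data Provider reply whose DP error code is non-zero."""
    failures = []
    last_user = None  # heuristic: user of the most recent SSH key lookup
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped, truncated or foreign line
        user = USER_RE.search(m["msg"])
        if user:
            last_user = user["user"]
        reply = REPLY_RE.search(m["msg"])
        if reply and int(reply["dp"]) != 0:
            failures.append({
                "timestamp": m["ts"],
                "process": m["proc"],
                "user": last_user,
                "errno": int(reply["errno"]),
                "message": reply["text"].strip(),
            })
    return failures


if __name__ == "__main__":
    for failure in failed_dp_replies(SAMPLE):
        print(failure)
```
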