Re: [Freeipa-users] Intermittent delay in authentication
On Wed, Aug 15, 2012 at 09:03:37PM +, Steven Jones wrote: Is there a bugtraq? https://fedorahosted.org/sssd/ticket/1447 https://bugzilla.redhat.com/show_bug.cgi?id=845253 regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Intermittent delay in authentication
On Tue, Aug 14, 2012 at 03:28:52PM -0500, KodaK wrote: I apologize in advance for not having very much information to go on. We have exactly 100 hosts in IPA right now. On occasion, maybe once or twice a day, all authentication just pauses for some amount of time. It can range from just a few seconds to about 30 seconds. I can see this happen, I can be doing an su on one box and an ssh into another, and people will yell over the cube walls that it's happening again but after a few seconds everything will start flowing again. I've been watching logs and I don't see anything that's corresponding with these events, but I'm willing to take any advice at the moment. What *could* cause something like this? Does replication block authentication (I can't imagine that it does.) I'm absolutely sure I have something misconfigured, but I don't even know where to start on this one. I suspect this is a SSSD issue. Is is possible that one of your replicas might have been unreachable at some point? We've had a bug where the SSSD would attempt to get a TGT from a replica rather than master and if that failed b/c the replica was down, the whole SSSD went offline. Anyhow, I think that SSSD domain logs would tell us more. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Intermittent delay in authentication
Hi, YesLast time we lost a switch at DR which is 5km away on dark fibre...the 002 replica is at DR. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Jakub Hrozek [jhro...@redhat.com] Sent: Wednesday, 15 August 2012 8:23 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Intermittent delay in authentication On Tue, Aug 14, 2012 at 03:28:52PM -0500, KodaK wrote: I apologize in advance for not having very much information to go on. We have exactly 100 hosts in IPA right now. On occasion, maybe once or twice a day, all authentication just pauses for some amount of time. It can range from just a few seconds to about 30 seconds. I can see this happen, I can be doing an su on one box and an ssh into another, and people will yell over the cube walls that it's happening again but after a few seconds everything will start flowing again. I've been watching logs and I don't see anything that's corresponding with these events, but I'm willing to take any advice at the moment. What *could* cause something like this? Does replication block authentication (I can't imagine that it does.) I'm absolutely sure I have something misconfigured, but I don't even know where to start on this one. I suspect this is a SSSD issue. Is is possible that one of your replicas might have been unreachable at some point? We've had a bug where the SSSD would attempt to get a TGT from a replica rather than master and if that failed b/c the replica was down, the whole SSSD went offline. Anyhow, I think that SSSD domain logs would tell us more. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Intermittent delay in authentication
Is there a bugtraq? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Jakub Hrozek [jhro...@redhat.com] Sent: Wednesday, 15 August 2012 8:23 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Intermittent delay in authentication On Tue, Aug 14, 2012 at 03:28:52PM -0500, KodaK wrote: I apologize in advance for not having very much information to go on. We have exactly 100 hosts in IPA right now. On occasion, maybe once or twice a day, all authentication just pauses for some amount of time. It can range from just a few seconds to about 30 seconds. I can see this happen, I can be doing an su on one box and an ssh into another, and people will yell over the cube walls that it's happening again but after a few seconds everything will start flowing again. I've been watching logs and I don't see anything that's corresponding with these events, but I'm willing to take any advice at the moment. What *could* cause something like this? Does replication block authentication (I can't imagine that it does.) I'm absolutely sure I have something misconfigured, but I don't even know where to start on this one. I suspect this is a SSSD issue. Is is possible that one of your replicas might have been unreachable at some point? We've had a bug where the SSSD would attempt to get a TGT from a replica rather than master and if that failed b/c the replica was down, the whole SSSD went offline. Anyhow, I think that SSSD domain logs would tell us more. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Intermittent delay in authentication
I apologize in advance for not having very much information to go on. We have exactly 100 hosts in IPA right now. On occasion, maybe once or twice a day, all authentication just pauses for some amount of time. It can range from just a few seconds to about 30 seconds. I can see this happen, I can be doing an su on one box and an ssh into another, and people will yell over the cube walls that it's happening again but after a few seconds everything will start flowing again. I've been watching logs and I don't see anything that's corresponding with these events, but I'm willing to take any advice at the moment. What *could* cause something like this? Does replication block authentication (I can't imagine that it does.) I'm absolutely sure I have something misconfigured, but I don't even know where to start on this one. -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Intermittent delay in authentication
Hi, Ive seen this is if one of my ipa masters is off lineor its network has gone bye byeor its a similar problem to you.I cant trace it for sure. Just wondering if the IPA networking code is robust enough to deal with network issues like saturated links or something.. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of KodaK [sako...@gmail.com] Sent: Wednesday, 15 August 2012 8:28 a.m. To: freeipa-users@redhat.com Subject: [Freeipa-users] Intermittent delay in authentication I apologize in advance for not having very much information to go on. We have exactly 100 hosts in IPA right now. On occasion, maybe once or twice a day, all authentication just pauses for some amount of time. It can range from just a few seconds to about 30 seconds. I can see this happen, I can be doing an su on one box and an ssh into another, and people will yell over the cube walls that it's happening again but after a few seconds everything will start flowing again. I've been watching logs and I don't see anything that's corresponding with these events, but I'm willing to take any advice at the moment. What *could* cause something like this? Does replication block authentication (I can't imagine that it does.) I'm absolutely sure I have something misconfigured, but I don't even know where to start on this one. -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users