We are seeing the following in our sssd_default.log which appears to coincide with some authentication failures. What would cause the hostname resolution to expire? Can we change the length of whatever timeout might be causing this?
Sorry I have to obfuscate the hostnames per company policy. The host "XXXXX.boeing.com" is in the sssd.conf file under the [domain/default] section as: ldap_uri = ldaps://XXXXX.boeing.com (Wed Apr 17 06:30:20 2019) [sssd[be[default]]] [be_get_account_info] (0x0200): Got request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=5928] (Wed Apr 17 06:30:20 2019) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Wed Apr 17 06:31:22 2019) [sssd[be[default]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server] (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_get_account_info] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][1][name=nss8297] (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [get_server_status] (0x0100): Hostname resolution expired, resetting the server status of 'XXXXX.boeing.com' (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'XXXXX.boeing.com' as 'name not resolved' (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'XXXXX.boeing.com' in files (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'XXXXX.boeing.com' as 'resolving name' (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'XXXXX.boeing.com' in files (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'XXXXX.boeing.com' in DNS (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'XXXXX.boeing.com' as 'name resolved' (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [be_resolve_server_process] (0x0200): Found address for server XXXXX.boeing.com: [10.234.125.55] TTL 13 (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [sdap_get_server_opts_from_rootdse] (0x0200): No known USN scheme is supported by this server! (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900 (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [simple_bind_send] (0x0100): Executing simple bind as: cn=YYYYY.boeing.com.*,nisMapName=netGroup.byhost,ou=enterprise,ou=unix,ou=accounts,o=boeing,c=us (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port 636 of server 'XXXXX.boeing.com' as 'working' (Wed Apr 17 06:35:56 2019) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'XXXXX.boeing.com' as 'working' Gareth Beale (bemsid: 45600) Enterprise High Performance Computing Service Application Infrastructure Services Global Information Technology Infrastrucure Services Need help? http://iticket.web.boeing.com/secure/create.aspx?id=serverhpc / 425-234-0911
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org