On Mon, May 21, 2012 at 02:08:33PM +0200, Ondrej Valousek wrote:
> Hi List,
>
> I am using sssd (F17) with AD and what I observed is that sssd frequently
> marks my AD server working and then "not working". Symptoms:
>
> (Mon May 21 13:58:43 2012) [sssd[be[default]]] [sdap_id_op_connect_step] (0x4000): beginning to connect
> (Mon May 21 13:58:43 2012) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
> (Mon May 21 13:58:43 2012) [sssd[be[default]]] [get_server_status] (0x1000): Status of server 'dcpra1.XXX' is 'working'
> (Mon May 21 13:58:43 2012) [sssd[be[default]]] [get_port_status] (0x1000): Port status of port 389 for server 'dcpra1.XXX' is 'not working'
> (Mon May 21 13:58:43 2012) [sssd[be[default]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP'
>
> Sometimes sssd does manage to connect, sometimes not.
> I know there is a problem with the AD controller cutting the connection
> after some timeout that we can not (yet) handle correctly, but this also
> happens shortly after sssd restart.
>
> Is there any explanation to this?
> Thanks,
> Ondrej

https://fedorahosted.org/sssd/ticket/1347

Ondrej had sent me his full logs privately. I found out that the protocol
fallback with SRV queries does not seem to be working once the query expires.

The workaround is of course to add both protocol families (or rather add the
preferred one for each protocol - _udp for Kerberos and _tcp for LDAP).