Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1054899
Created attachment 851732
domain log for non-primary(user1_dom3) user login
Description of problem:
sssd goes offline on login for users from subdomains
Version-Release number of selected component (if applicable):
1.11.2-27.el7
How reproducible:
Always
Steps to Reproduce:
1. Try to login as a user from the primary domain
# time ssh -l user1_dom1@sssdad.com localhost
user1_dom1@sssdad.com@localhost's password:
[user1_dom1@sssdad.com@amd-pike-05 ~]$ logout
Connection to localhost closed.
real 0m16.057s
2. Try to login as a user from a child domain
# time ssh -l user1_dom3@child1.sssdad.com localhost
user1_dom3@child1.sssdad.com@localhost's password:
Permission denied, please try again.
user1_dom3@child1.sssdad.com@localhost's password:
real 0m28.623s
user 0m0.020s
sys 0m0.012s
Actual results:
sssd goes offline with login to users from non-primary domains
See attached domain logs for login to a primary user(user1_dom1) and
non-primary user(user1_dom3)
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2202
Comments
Comment from jhrozek at 2014-01-20 23:07:50
See the discussion in the BZ. What Kaushik wanted was to amend the DEBUG message to hint that raising the timeout might be a good idea. I'm not sure about sss_log, that seems like too much, but maybe using some higher log level (IIRC we have something like IMPORTANT_INFO) would work.
blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => preichl
review: True => 0
selected: =>
testsupdated: => 0
Comment from jhrozek at 2014-01-22 23:13:36
Comment from jhrozek at 2014-01-22 23:14:19
I'll leave the ticket open so it's properly triaged
Comment from lslebodn at 2014-01-23 14:28:11
Fields changed
patch: 0 => 1
Comment from dpal at 2014-01-23 14:59:09
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.11.4
Comment from jhrozek at 2014-01-24 13:33:47
resolution: => fixed
status: new => closed
Comment from jhrozek at 2014-02-17 20:28:25
Fields changed
changelog: => See the description and title. Minor enhancement that hints what parameter the admin should increase when Kerberos authentication keeps timing out.
Comment from jhrozek at 2017-02-24 15:01:54
Metadata Update from @jhrozek: