Learn more about these different git repos.
Other Git URLs
I have configured logging over ssh with gssapi. However I need to periodically restart sssd to log in. I haven't seen anything in logs.
Please paste the sanitized logs, otherwise I'm not sure I can even help..
btw please use the sssd-users mailing list for support requests, as opposed to bug reports
resolution: => worksforme status: new => closed
Replying to [comment:1 jhrozek]:
[12647] 1486067148.331564: Response was from master KDC [12647] 1486067148.331598: Decoding FAST response [12647] 1486067148.331687: FAST reply key: aes256-cts/6649 [12647] 1486067148.331717: TGS reply is for login@DOMAIN -> krbtgt/DOMAIN@DOMAIN with session key rc4-hmac/F9A5 [12647] 1486067148.331747: Got cred; 0/Success [12647] 1486067148.331824: Creating authenticator for login@DOMAIN -> host/ssh-server.domain@DOMAIN, seqnum 277654940, subkey rc4-hmac/2006, session key rc4-hmac/75C9 [12647] 1486067148.331836: Negotiating for enctypes in authenticator: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts debug3: send packet: type 61 debug3: receive packet: type 61 debug1: Delegating credentials [12647] 1486067148.351935: Read AP-REP, time 1486067148.331843, subkey aes256-cts/1AD4, seqnum 891869865 debug3: send packet: type 66 -- Logs begin at Fri 2015-10-16 16:02:15 PDT, end at Thu 2017-02-02 12:30:06 PST. -- Feb 01 12:00:10 ssh-server systemd[1]: Starting System Security Services Daemon... Feb 01 12:00:10 ssh-server sssd[4016]: Starting up Feb 01 12:00:11 ssh-server sssd[be[4018]: Starting up Feb 01 12:00:11 ssh-server sssd[4165]: Starting up Feb 01 12:00:11 ssh-server sssd[4166]: Starting up Feb 01 12:00:11 ssh-server systemd[1]: Started System Security Services Daemon. Feb 01 12:00:21 ssh-server sssd_be[4018]: GSSAPI client step 1 Feb 01 12:00:21 ssh-server sssd_be[4018]: GSSAPI client step 1 Feb 01 12:00:21 ssh-server sssd_be[4018]: GSSAPI client step 1 Feb 01 12:00:21 ssh-server sssd_be[4018]: GSSAPI client step 2 (...) Feb 01 18:30:07 ssh-server sssd[be[4820]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) Feb 01 18:30:07 ssh-server sssd_be[4820]: GSSAPI client step 1 Feb 01 18:30:07 ssh-server sssd_be[4820]: GSSAPI client step 1 Feb 01 18:30:07 ssh-server sssd_be[4820]: GSSAPI client step 1 Feb 01 18:30:07 ssh-server sssd_be[4820]: GSSAPI client step 2 (...) Feb 02 12:28:39 ssh-server sshd[4114]: Authorized to login@domain, krb5 principal login@DOMAIN (krb5_kuserok) (...) Feb 02 12:30:10 ssh-server sssd_be[23238]: GSSAPI client step 2 Feb 02 12:30:10 ssh-server sssd_be[23238]: GSSAPI client step 1 Feb 02 12:30:10 ssh-server sssd_be[23238]: GSSAPI client step 1 Feb 02 12:30:10 ssh-server sssd_be[23238]: GSSAPI client step 1 Feb 02 12:30:10 ssh-server sssd_be[23238]: GSSAPI client step 2 Feb 02 12:30:13 ssh-server sssd_be[24880]: GSSAPI client step 1 Feb 02 12:30:13 ssh-server sssd_be[25929]: GSSAPI client step 1 Feb 02 12:30:13 ssh-server sssd_be[24880]: GSSAPI client step 2 Feb 02 12:30:13 ssh-server sssd_be[25929]: GSSAPI client step 2 Feb 02 12:30:13 ssh-server sssd_be[25929]: GSSAPI client step 1 Feb 02 12:30:13 ssh-server sssd_be[25929]: GSSAPI client step 1 Feb 02 12:30:13 ssh-server sssd_be[24880]: GSSAPI client step 1 Feb 02 12:30:13 ssh-server sssd_be[24880]: GSSAPI client step 1 Feb 02 12:30:13 ssh-server sssd_be[25929]: GSSAPI client step 1 Feb 02 12:30:13 ssh-server sssd_be[25929]: GSSAPI client step 2 Feb 02 12:30:13 ssh-server sssd_be[24880]: GSSAPI client step 1 Feb 02 12:30:13 ssh-server sssd_be[24880]: GSSAPI client step 2
Restart of sssd fixing the problem:
Feb 02 12:31:13 ssh-server sssd[4166]: Shutting down Feb 02 12:31:13 ssh-server sssd[4165]: Shutting down Feb 02 12:31:13 ssh-server systemd[1]: Stopping System Security Services Daemon... Feb 02 12:31:13 ssh-server sssd[be[21935]: Shutting down Feb 02 12:31:13 ssh-server systemd[1]: Stopping NFSv4 ID-name mapping service... Feb 02 12:31:13 ssh-server sssd[be[4018]: Shutting down Feb 02 12:31:13 ssh-server systemd[1]: Stopped NFSv4 ID-name mapping service. Feb 02 12:31:13 ssh-server sssd[be[22136]: Shutting down Feb 02 12:31:13 ssh-server systemd[1]: Starting NFSv4 ID-name mapping service... Feb 02 12:31:13 ssh-server sssd[be[23257]: Shutting down Feb 02 12:31:13 ssh-server systemd[1]: Started NFSv4 ID-name mapping service. Feb 02 12:31:13 ssh-server sssd[be[24645]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[23238]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[22503]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[29454]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[24469]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[25329]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[24861]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[29673]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[28989]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[30295]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[25929]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[27408]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[28323]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[24880]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[28650]: Shutting down Feb 02 12:31:13 ssh-server sssd[be[18872]: Shutting down Feb 02 12:31:13 ssh-server systemd[1]: Stopped System Security Services Daemon. Feb 02 12:31:13 ssh-server systemd[1]: Starting System Security Services Daemon... Feb 02 12:31:13 ssh-server sssd[31124]: Starting up Feb 02 12:31:16 ssh-server systemd[1]: Started System Security Services Daemon. Feb 02 12:31:13 ssh-server sssd[be[31127]: Starting up Feb 02 12:31:14 ssh-server sssd[31264]: Starting up Feb 02 12:31:14 ssh-server sssd[31265]: Starting up Feb 02 12:31:14 ssh-server sssd_be[31127]: GSSAPI client step 1 Feb 02 12:31:14 ssh-server sssd_be[31127]: GSSAPI client step 1 Feb 02 12:31:14 ssh-server sssd_be[31127]: GSSAPI client step 1 Feb 02 12:31:14 ssh-server sssd_be[31127]: GSSAPI client step 2 Feb 02 12:31:33 ssh-server sshd[4114]: Authorized to login@domain krb5 principal login@DOMAIN (krb5_kuserok)
Since restart of sssd fixes the problem I assume that this is problem (bug) in sssd as opposed to configuration.
It is strange that sssd_be is shutting down so often. It might be a crash or another pathological use-case. Please check the system logs or enable abrt to see if there are any crashes. But more importantly, please enable more verbose debugging in sssd.conf, see https://fedorahosted.org/sssd/wiki/Troubleshooting
Metadata Update from @mpiechotka: - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4328
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.