IdM - Getting the client to see the server after a "domain crash"


Hello all!

We are currently running IdM through some test cases with one server and one client. One of the tests required was to turn off the IdM server and have a go at logging in, etc.

All was going as expected until we brought the IdM server back up! We are going on 45 minutes of server uptime and the client still sees it as being down (client still wants me to use the cached password and when I run passwd it tells me "System is offline, password change not possible").

So my question is: Will the client EVER see the server as being online automatically? If it can, can I set the interval in which it checks?

Responses

Here is a little bit from the "man sssd-ipa" page. It should try and reconnect within a few minutes.


The Failover Mechanism

The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds.

You should take a look and see if the client can ping the ipa server. Also, sssd normally uses dns for the ipa server's fqdn and other service queries; checking that dns is working would be helpful. I would also suggest you open a support case so the Identity Management team can further assist you in greater detail.
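
The DNS and ping checks suggested above, collected into one script. This is an added example, not part of the original thread or of SSSD itself; it assumes `dig` and `getent` are installed on the client and that the IPA provider options (`ipa_domain`, `ipa_server`) are set in the sssd.conf file passed as the first argument.

```shell
#!/bin/sh
# Added example: name-resolution and reachability checks for an SSSD/IdM
# client that stays in offline mode. Pass the path to sssd.conf as $1.

# Print the value of "key = value" from an sssd.conf-style file (first match).
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Split a comma-separated ipa_server value into one host per line,
# dropping the _srv_ keyword (which asks SSSD to use DNS service discovery).
server_hosts() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/[[:space:]]//g' |
        grep -v -e '^_srv_$' -e '^$' || true
}

check_ipa_client() {
    conf=$1; rc=0
    domain=$(conf_value ipa_domain "$conf")
    servers=$(conf_value ipa_server "$conf")
    # Service discovery relies on SRV records for the IPA domain.
    if [ -n "$domain" ]; then
        if [ -n "$(dig +short SRV "_ldap._tcp.$domain")" ]; then
            echo "OK   SRV _ldap._tcp.$domain"
        else
            echo "FAIL SRV _ldap._tcp.$domain"; rc=1
        fi
    fi
    # The back end resolves each server hostname first; failure marks it offline.
    for h in $(server_hosts "$servers"); do
        if ! getent hosts "$h" >/dev/null; then
            echo "FAIL resolve $h"; rc=1; continue
        fi
        if ping -c 1 -W 2 "$h" >/dev/null 2>&1; then
            echo "OK   resolve+ping $h"
        else
            echo "WARN $h resolves but does not answer ping (ICMP may be filtered)"
        fi
    done
    return "$rc"
}

# Run the checks only when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ipa_client "$1"
fi
```

Run it as root, since sssd.conf is readable only by root; a non-zero exit status means a DNS check failed.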
