0

I have 5 workstations that have been joined to a freeipa domain. I've noticed some weird authentication related issues on 3 of the workstations. I've discovered that all 3 workstations will restart their sssd service at almost the exact same time every 1 minute 50 seconds. They're almost in perfect sync with each other. When this occurs, I see in the logs under /var/log/ssd/*.log a message about an orderly shutdown of all child processes. I also see in the "systemctl status sssd.service" that (stop-sigterm) appears for a moment while the service restarts.

Is there a way to identify what process is causing the sssd service to be restarted? I'm really struggling to chase down the root cause.

dutsnekcirf
  • 249
  • 2
  • 4
  • 16

1 Answers1

1

Holy crap! I've found the problem. Without going into too much detail, essentially someone had created a crontab that is triggering every 2 minutes. The crontab entry kicks off a script that checks the state of the sssd service and restarts it if it's in a hung or weird state. However, the script is evaluating the state of the sssd service incorrectly and has been restarting it every time the crontab triggered. Someone's going to get an earfull in the morning.

dutsnekcirf
  • 249
  • 2
  • 4
  • 16