RHEL-32595

Excessive "Domain not found" messages logged to sssd_nss & sssd_be in multidomain AD forest

    • sssd-2.9.5-1.el9
    • Moderate
    • rhel-sst-idm-sssd
    • ssg_idm
    • Red Hat Enterprise Linux

      What were you trying to do that didn't work?

      After upgrading to RHEL 8.9, SSSD produces thousands of "Domain not found" messages a minute in the sssd_nss.log & sssd_be.log files. The log level for the messages is 0x0040, so they are produced at the default log level; the log level has to be set to 'debug_level = 1' or lower to avoid the excessive log messages.

      The host has a direct AD integration in a multi-domain forest. All of the domains that are not found in the logs are excluded from the 'ad_enabled_domains' setting in sssd.conf.

      Please provide the package NVR for which bug is seen:

      sssd-2.9.1-4.el8_9.5.x86_64                                 Thu Mar 14 05:22:52 2024
      sssd-ad-2.9.1-4.el8_9.5.x86_64                              Thu Mar 14 05:22:22 2024
      sssd-client-2.9.1-4.el8_9.5.x86_64                          Thu Mar 14 05:22:21 2024
      sssd-common-2.9.1-4.el8_9.5.x86_64                          Thu Mar 14 05:22:22 2024
      sssd-common-pac-2.9.1-4.el8_9.5.x86_64                      Thu Mar 14 05:22:22 2024
      sssd-dbus-2.9.1-4.el8_9.5.x86_64                            Thu Mar 14 05:22:22 2024
      sssd-ipa-2.9.1-4.el8_9.5.x86_64                             Thu Mar 14 05:22:23 2024
      sssd-kcm-2.9.1-4.el8_9.5.x86_64                             Thu Mar 14 05:22:52 2024
      sssd-krb5-2.9.1-4.el8_9.5.x86_64                            Thu Mar 14 05:22:23 2024
      sssd-krb5-common-2.9.1-4.el8_9.5.x86_64                     Thu Mar 14 05:22:22 2024
      sssd-ldap-2.9.1-4.el8_9.5.x86_64                            Thu Mar 14 05:22:23 2024
      sssd-nfs-idmap-2.9.1-4.el8_9.5.x86_64                       Thu Mar 14 05:22:22 2024
      sssd-proxy-2.9.1-4.el8_9.5.x86_64                           Thu Mar 14 05:22:23 2024
      sssd-tools-2.9.1-4.el8_9.5.x86_64                           Thu Mar 14 05:22:52 2024

      How reproducible:

      Steps to reproduce


      Expected results

      Actual results

      Many "Domain not found" messages are logged to sssd_nss & sssd_be.

      Example of the number of messages logged in the timespan 15:50:47 - 18:43:37:

      $ grep "Domain not found" var/log/sssd/sssd_nss.log | wc -l
      174153

      $ grep "Domain not found" var/log/sssd/sssd_$domain.log | wc -l
      123653

      Example of sssd-nss message:

      (2024-04-03 18:43:37): [nss] [cache_req_common_process_dp_reply] (0x3f7c0): CID#4883 CR #999350: Could not get account info [1432158245]: Domain not found

      Example of sssd_be message:

      (2024-04-03 18:43:37): [be[ad.domain.net]] [sbus_issue_request_done] (0x0040): sssd.dataprovider.getAccountInfo: Error [1432158245]: Domain not found

              atikhono@redhat.com Alexey Tikhonov
              rhn-support-rlundgren Runar Lundgren
              SSSD Maintainers
              Jakub Vavra
              Louise McGarry
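An added triage sketch, not part of the original ticket or of SSSD's own tooling: it parses lines in the layout of the two samples quoted in the report and tallies "Domain not found" messages by component, function and debug level, and per minute. The function names are hypothetical, and every sample line after the first two is constructed for illustration.

```python
import re
from collections import Counter

# Layout inferred from the two sample lines in the report:
#   (timestamp): [component] [function] (0xLEVEL): message
# The backend component itself contains brackets, e.g. be[ad.domain.net].
LINE_RE = re.compile(
    r"^\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\): "
    r"\[(?P<component>.+?)\] \[(?P<function>[^\]]+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<message>.*)$"
)

def parse_line(line):
    """Return a dict of fields, or None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["level"] = int(rec["level"], 16)
    return rec

def summarize(lines, needle="Domain not found"):
    """Count matching messages per (component, function, level) and per minute."""
    by_source, by_minute = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or needle not in rec["message"]:
            continue
        by_source[(rec["component"], rec["function"], rec["level"])] += 1
        by_minute[rec["ts"][:16]] += 1  # key is "YYYY-MM-DD HH:MM"
    return by_source, by_minute

# Constructed sample: the first two lines are the ones quoted in the report,
# the rest are made up for illustration.
SAMPLE = """\
(2024-04-03 18:43:37): [nss] [cache_req_common_process_dp_reply] (0x3f7c0): CID#4883 CR #999350: Could not get account info [1432158245]: Domain not found
(2024-04-03 18:43:37): [be[ad.domain.net]] [sbus_issue_request_done] (0x0040): sssd.dataprovider.getAccountInfo: Error [1432158245]: Domain not found
(2024-04-03 18:43:38): [be[ad.domain.net]] [sbus_issue_request_done] (0x0040): sssd.dataprovider.getAccountInfo: Error [1432158245]: Domain not found
(2024-04-03 18:44:01): [be[ad.domain.net]] [sbus_issue_request_done] (0x0040): sssd.dataprovider.getAccountInfo: Error [1432158245]: Domain not found
(2024-04-03 18:44:02): [nss] [example_function] (0x0400): unrelated constructed message
   *  a continuation line that does not match the layout
""".splitlines()

if __name__ == "__main__":
    sources, minutes = summarize(SAMPLE)
    for (component, function, level), n in sources.most_common():
        print(f"{n:6d}  {component}  {function}  {level:#06x}")
    busiest, n = minutes.most_common(1)[0]
    print(f"busiest minute: {busiest} ({n} messages)")
```

To run it against real logs, pass an open file object for sssd_nss.log or the backend log to summarize() in place of SAMPLE.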