Bug 1288214

Summary: Cannot authenticate AD trust users after disconnecting network
Product: Red Hat Enterprise Linux 7
Reporter: Jakub Hrozek <jhrozek>
Component: sssd
Assignee: SSSD Maintainers <sssd-maint>
Status: CLOSED UPSTREAM
QA Contact: Steeve Goveas <sgoveas>
Severity: unspecified
Priority: unspecified
Version: 7.0
CC: grajaiya, jgalipea, jhrozek, ksiddiqu, lslebodn, mkosek, mzidek, orion, pbrezina, sgoveas
Target Milestone: rc
Keywords: Reopened
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2016-06-23 17:46:07 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Jakub Hrozek 2015-12-03 21:15:20 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2866

We have an IPA/AD trust. If I disconnect from the network and then try to log in as an AD user it fails. It appears that sssd is not properly going into offline mode. No idea why it still shows the server name as resolving (probably cached), or why the connection timeout does not appear to trigger offline mode.

sssd-1.12.2-58.el7_1.18.x86_64

sssd_domain.log:
{{{
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [be_req_set_domain] (0x0400): Changing request domain from [nwra.com] to [ad.nwra.com]
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [be_pam_handler] (0x0100): Got request with the following data
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): domain: ad.nwra.com
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): user: user.com
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): service: kdm
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): tty: :0
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): ruser:
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): rhost:
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): authtok type: 1
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): newauthtok type: 0
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): priv: 1
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): cli_pid: 11253
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): logon name: not set
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [be_resolve_server_process] (0x0200): Found address for server ipa.server.com: [X.X.X.X] TTL 86400
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [write_pipe_handler] (0x0400): All data has been sent!
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success]
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [be_pam_handler_callback] (0x0100): Sending result [4][ad.nwra.com]
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [be_pam_handler_callback] (0x0100): Sent result [4][ad.nwra.com]
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [child_sig_handler] (0x0100): child [11465] finished successfully.
(Wed Nov 11 11:03:11 2015) [sssd[be[nwra.com]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
(Wed Nov 11 11:03:11 2015) [sssd[be[nwra.com]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
(Wed Nov 11 11:03:11 2015) [sssd[be[nwra.com]]] [ipa_subdomain_account_got_override] (0x0040): IPA override lookup failed: 110
(Wed Nov 11 11:03:11 2015) [sssd[be[nwra.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,110,Account info lookup failed
}}}

pam messages:
{{{
Nov 11 10:54:10 pacas.cora.nwra.com kdm[11151]: :0[11151]: pam_unix(kdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=user
Nov 11 10:55:08 pacas.cora.nwra.com kdm[11151]: :0[11151]: pam_sss(kdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=user
Nov 11 10:55:08 pacas.cora.nwra.com kdm[11151]: :0[11151]: pam_sss(kdm:auth): received for user user: 4 (System error)
}}}

sssd.conf:
{{{
[domain/nwra.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = nwra.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
chpass_provider = ipa
ipa_server = _srv_, ipa.server.com
dns_discovery_domain = nwra.com
ipa_automount_location = boulder
override_shell = /bin/bash
debug_level = 6

[sssd]
services = nss, sudo, pam, ssh, autofs
config_file_version = 2
domains = nwra.com
#full_name_format = %1$s
default_domain_suffix = ad.nwra.com
debug_level = 6
}}}

{{{
# grep hosts /etc/nsswitch.conf
hosts:      files dns mdns4_minimal myhostname
}}}
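As an added detection example (not code from the report or from the sssd project), the following Python parses sssd back-end log lines of the form quoted above and flags PAM_AUTHENTICATE requests that ended in PAM_SYSTEM_ERR (the status 4 that pam_sss reports as "System error") right after an errno 110 server timeout while the back end never logged an offline transition, which is the symptom this report describes. The sample log is a trimmed copy of the excerpt above, and the "Going offline" marker text is an assumption.

```python
import re
# Constructed sample: a trimmed copy of the sssd_domain.log lines quoted in this report.
SAMPLE_LOG = """\
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): domain: ad.nwra.com
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [pam_print_data] (0x0100): user: user.com
(Wed Nov 11 11:03:09 2015) [sssd[be[nwra.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success]
(Wed Nov 11 11:03:11 2015) [sssd[be[nwra.com]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
(Wed Nov 11 11:03:11 2015) [sssd[be[nwra.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,110,Account info lookup failed
"""
# One back-end log line: "(timestamp) [sssd[be[domain]]] [function] (level): message"
LINE_RE = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<dom>[^\]]+)\]\]\] "
                     r"\[(?P<func>[^\]]+)\] \((?P<lvl>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
BACKEND_RET_RE = re.compile(r"Backend returned: \((\d+), (\d+),")
ETIMEDOUT_RE = re.compile(r"\[110\]|,110,")   # errno 110 as sssd prints it
PAM_SYSTEM_ERR = 4                 # the status pam_sss reports as "System error"
OFFLINE_MARKER = "Going offline"   # assumed text of sssd's offline-transition message

def parse_line(line):
    # Split one log line into its fields; None for anything that is not a log line.
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def find_online_auth_failures(log_text):
    # Flag PAM_AUTHENTICATE requests that ended in PAM_SYSTEM_ERR after a server
    # timeout (errno 110) while the back end never logged an offline transition.
    requests, cur = [], {}                # cur is a throwaway until the first request
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        func, msg = rec["func"], rec["msg"]
        if func == "pam_print_data" and msg.startswith("command: "):
            cur = {"command": msg[9:], "user": None, "domain": None,
                   "pam_status": None, "timed_out": False, "went_offline": False}
            requests.append(cur)
        elif func == "pam_print_data" and msg.startswith("user: "):
            cur["user"] = msg[6:]
        elif func == "pam_print_data" and msg.startswith("domain: "):
            cur["domain"] = msg[8:]
        elif func == "be_pam_handler_callback" and (m := BACKEND_RET_RE.search(msg)):
            cur["pam_status"] = int(m.group(2))
        elif ETIMEDOUT_RE.search(msg):
            cur["timed_out"] = True
        elif OFFLINE_MARKER in msg:
            cur["went_offline"] = True
    return [{"user": r["user"], "domain": r["domain"], "pam_status": r["pam_status"]}
            for r in requests if r["command"] == "PAM_AUTHENTICATE"
            and r["pam_status"] == PAM_SYSTEM_ERR and r["timed_out"] and not r["went_offline"]]
```

A request that is followed by the offline marker before the next PAM command is not flagged, so the check only fires when cached credentials could have been used but were not.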

Comment 1 Jakub Hrozek 2015-12-07 15:12:30 UTC
Fixed upstream in 9f69dff2af5ee0e922ca75efa9749913fd2d944f 

Also related was: 54189e0a2f24a2951d95a2ec5da3125a52e2f5ed

Comment 2 Mike McCune 2016-03-28 23:37:25 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

Comment 4 RHEL Program Management 2016-06-23 15:56:12 UTC
Quality Engineering Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

Comment 5 Lukas Slebodnik 2016-06-23 17:18:46 UTC
I do not think this bug should be closed as won't fix. A patch is available upstream.

Comment 7 Orion Poplawski 2016-07-20 20:21:42 UTC
Looks good to me with 1.14.0.  Thanks.