SSSD cache group information not updated #5032

Closed
sssd-bot opened this issue May 2, 2020 · 1 comment

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/4064

  • Created at 2019-08-15 08:49:52 by bionunu
  • Assigned to nobody

Hello
I have created a one-way trust between Active Directory 2016 and an IPA server. Then I set up a client, and using an Active Directory user I am able to log in to the client machine.
Problem statement:
In Active Directory, I have created a user group (ad_group@adserver.local) and created 2 users to be part of the group (ad_user1 and ad_user2).
On the IPA server (ipa.example.com), the internal POSIX group which is connected to Active Directory is called ad_ipa_internal. When I ran
[root@ipa ~]# date; SSS_NSS_USE_MEMCACHE=NO getent group ad_ipa_internal
Thu Aug 15 16:15:31 AEST 2019
group ad_ipa_internal:*:1003003:ad_user1@.adserver.local,ad_user2@.adserver.local

But if I remove user ad_user2 from the Active Directory group, the user still exists in the IPA group.
Now if I run sss_cache -G it is still there, but the dataExpireTimestamp in /var/lib/sss/db/timestamps_example.com.ldb and /var/lib/sss/db/cache_example.com.ldb is set to 1. The only way to get the updated group info is if I remove
# rm -rf /var/lib/sss/db/*
# systemctl restart sssd.service

then it gets updated group information.

[root@ipa ~]# cat /etc/sssd/sss.conf
[domain/srv.example.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = srv.example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ipa.example.com
chpass_provider = ipa
ipa_server = ipa.example.com
ipa_server_mode = True
ldap_tls_cacert = /etc/ipa/ca.crt

[sssd]
services = sudo, nss, ifp, pam, ssh
domains = example.com
[nss]
#memcache_timeout = 600
homedir_substring = /home

[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
[secrets]

The other problem is if I don't run sss_cache -G on the IPA server then the client sss cache is not updated. The remove problem exists in both IPA and client.

Installed Packages
Name : sssd
Arch : x86_64
Version : 1.16.2
Release : 13.el7

I tried to follow the below referrals:
https://pagure.io/SSSD/sssd/issue/3684
https://bugzilla.redhat.com/show_bug.cgi?id=1371538
https://bugzilla.redhat.com/show_bug.cgi?id=1359208
https://bugzilla.redhat.com/show_bug.cgi?id=1361597

Comments


Comment from bionunu at 2019-09-18 00:14:19

Once IPA is set up, do I need to manually change the configuration of nscd?
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/usingnscd-sssd


Comment from thalman at 2020-03-13 15:51:57

Metadata Update from @thalman:

  • Issue tagged with: Future milestone
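
An added example, not part of the original report and not SSSD project code: a small check for the symptom described in the issue, where a user removed from the Active Directory group is still listed by `getent group`. It assumes the authoritative member list has been exported from AD separately; the function names and the sample data are constructed for illustration.

```python
"""Added example: flag members that linger in a cached group after removal."""


def parse_getent_group(line):
    """Parse one `getent group` line: name:passwd:gid:member1,member2,..."""
    fields = line.strip().split(":")
    if len(fields) != 4 or not fields[0] or not fields[2].isdigit():
        raise ValueError(f"not a group(5)-style entry: {line!r}")
    name, _passwd, gid, member_field = fields
    # An empty member field means "no members listed", not one empty name.
    # AD account names are case-insensitive, so compare case-folded.
    members = {m.strip().casefold() for m in member_field.split(",") if m.strip()}
    return name, int(gid), members


def membership_drift(cached_line, directory_members):
    """Compare the cached view against the authoritative member list.

    Returns (stale, missing): stale members still resolve locally although
    the directory no longer lists them; missing members were added upstream
    but have not reached the cache yet.
    """
    _name, _gid, cached = parse_getent_group(cached_line)
    authoritative = {m.strip().casefold() for m in directory_members if m.strip()}
    return sorted(cached - authoritative), sorted(authoritative - cached)


# Constructed sample data modelled on the report (not captured output).
CACHED = "ad_ipa_internal:*:1003003:ad_user1@adserver.local,ad_user2@adserver.local"
AD_GROUP_NOW = ["AD_User1@adserver.local"]  # assumption: ad_user2 was removed in AD

if __name__ == "__main__":
    stale, missing = membership_drift(CACHED, AD_GROUP_NOW)
    for user in stale:
        print(f"STALE: {user} is still a member in the local cache")
    for user in missing:
        print(f"MISSING: {user} is not yet visible in the local cache")
```

A non-empty stale list means anything on the host that authorizes by this group still includes the removed user until the cache is refreshed.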
@andreboscatto
Contributor

Dear Contributor/User,

Recognizing the importance of addressing enhancements, bugs, and issues for the SSSD project's quality and reliability, we also need to consider our long-term goals and resource constraints.

After thoughtful consideration, regrettably, we are unable to address this request at this time. To avoid any misconception, we're closing it; however, we encourage continued collaboration and contributions from anyone interested.

We apologize for any inconvenience and appreciate your understanding of our resource limitations. While you're welcome to open a new issue (or reopen this one), immediate attention may not be guaranteed due to competing priorities.

Thank you once again for sharing your feedback. We look forward to ongoing collaboration to deliver the best possible solutions, supporting in any way we can.

Best regards,
André Boscatto

andreboscatto closed this as not planned on Nov 20, 2023