I just performed an upgrade of SSSD while my IPA server was down (different bug :-/), as the upgrade finished I was not able to log in in offline mode anymore.
The only possibility I see is that there is some code that upgrades the offline cached hashes that is broken somehow as the only log I had is only ever emitted if the userhash and currhash do not match.
Moreover after the server came online I now see an ldb_modify error in sysdb_set_cache_entry_attr that causes login to fail. This may be do may previous attempts to downgrade may have messed up some DB, However a failure to store cache data should not cause authentication failures.
The system came back to normal as soon as SSSD was restarted after the ipa server came back to life. I meant to retain a copy of the sssd caches but mistakenly preserved a copy of the server sssd db instead of the client :-(
I may still have some logs if you want to kae a look, but unfortunately I do not thjink I have a complete set of data at this point.
If this was on RHEL this might be a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1565774. Because of using not the right macro in the spec file SSSD is not restarted after the update.
to comment on this ticket.
Copyright © 2014-2018 Red Hat
4.0.3 — Documentation