Hello, I have created a one-way trust between Active Directory 2016 and an IPA server. Then I set up a client, and using an Active Directory user I am able to log in to the client machine.

Problem statement: In Active Directory, I have created a user group (ad_group@adserver.local) and created 2 users to be part of the group (ad_user1 and ad_user2). On the IPA server (ipa.example.com), the internal POSIX group which is connected to Active Directory is called ad_ipa_internal. When I ran

    [root@ipa ~]# date; SSS_NSS_USE_MEMCACHE=NO getent group ad_ipa_internal
    Thu Aug 15 16:15:31 AEST 2019
    group ad_ipa_internal:*:1003003:ad_user1@.adserver.local,ad_user2@.adserver.local

but if I remove user ad_user2 from the Active Directory group, the user still exists in the IPA group. Now if I run sss_cache -G it is still there, but the dataExpireTimestamp in /var/lib/sss/db/timestamps_example.com.ldb and /var/lib/sss/db/cache_example.com.ldb is set to 1. The only way to get the updated group info is if I remove the cache files:

    # rm -rf /var/lib/sss/db/*
    # systemctl restart sssd.service

Then it gets the updated group information.
    [root@ipa ~]# cat /etc/sssd/sss.conf
    [domain/srv.example.com]
    cache_credentials = True
    krb5_store_password_if_offline = True
    ipa_domain = srv.example.com
    id_provider = ipa
    auth_provider = ipa
    access_provider = ipa
    ipa_hostname = ipa.example.com
    chpass_provider = ipa
    ipa_server = ipa.example.com
    ipa_server_mode = True
    ldap_tls_cacert = /etc/ipa/ca.crt

    [sssd]
    services = sudo, nss, ifp, pam, ssh
    domains = example.com

    [nss]
    #memcache_timeout = 600
    homedir_substring = /home

    [pam]
    [sudo]
    [autofs]
    [ssh]
    [pac]
    [ifp]
    [secrets]
The other problem is that if I don't run sss_cache -G on the IPA server, then the client sss cache is not updated. The remove problem exists on both the IPA server and the client.
Installed Packages

    Name    : sssd
    Arch    : x86_64
    Version : 1.16.2
    Release : 13.el7
I tried to follow the below referrals:

[code]
https://pagure.io/SSSD/sssd/issue/3684
https://bugzilla.redhat.com/show_bug.cgi?id=1371538
https://bugzilla.redhat.com/show_bug.cgi?id=1359208
https://bugzilla.redhat.com/show_bug.cgi?id=1361597
[/code]
Once IPA is set up, do I need to manually change the configuration of nscd? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/usingnscd-sssd
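A stale member in a cached group means access granted through that group outlives its removal in Active Directory, so it is worth checking for explicitly. The following is an added example, not part of the original report and not SSSD code: it parses `getent group` output in the form shown above and reports members that are still resolved but are no longer expected. The function names, the expected-member list and the case-insensitive comparison are assumptions made for illustration.

```python
import os
import subprocess


def parse_group_entry(line):
    """Parse one getent group line: name:passwd:gid:member1,member2."""
    line = line.strip()
    # The output pasted in the report carries a leading "group " label; tolerate it.
    if line.startswith("group "):
        line = line[len("group "):]
    name, _passwd, gid, members = line.split(":", 3)
    # Assumption: member names are compared case-insensitively.
    member_set = {m.strip().lower() for m in members.split(",") if m.strip()}
    return {"name": name, "gid": int(gid), "members": member_set}


def resolve_group(group):
    """Resolve a group through NSS, bypassing the memory cache as in the report."""
    env = dict(os.environ, SSS_NSS_USE_MEMCACHE="NO")
    result = subprocess.run(["getent", "group", group], env=env,
                            capture_output=True, text=True, check=True)
    return parse_group_entry(result.stdout)


def membership_drift(entry, authoritative):
    """Compare resolved members with the list the directory should now hold."""
    expected = {m.lower() for m in authoritative}
    return {
        "stale": sorted(entry["members"] - expected),    # still cached, should be gone
        "missing": sorted(expected - entry["members"]),  # expected, not yet resolved
    }


# Group line as pasted in the report above.
SAMPLE = ("group ad_ipa_internal:*:1003003:"
          "ad_user1@.adserver.local,ad_user2@.adserver.local")
# Constructed: the membership expected once ad_user2 is removed in Active Directory.
EXPECTED_AFTER_REMOVAL = ["ad_user1@.adserver.local"]

if __name__ == "__main__":
    # Offline run on the pasted line; on a live host use resolve_group("ad_ipa_internal").
    print(membership_drift(parse_group_entry(SAMPLE), EXPECTED_AFTER_REMOVAL))
```

Running the same comparison on the IPA server and on the client shows on which of the two the removed member is still being resolved.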
Metadata Update from @thalman: - Issue tagged with: Future milestone
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/5032
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)