On (29/03/16 10:48), Chadwick Banning wrote:
There are settings in the sssd.conf file that aren't in the ldbsearch output or that have the wrong values in the output:
[root@host ~]# cat /etc/sssd/sssd.conf
[domain/domain.com]
access_provider = simple
ad_domain = domain.com
ad_hostname = host.domain.com
cache_credentials = true
debug_level = 6
default_shell = /bin/bash
dyndns_update = false
fallback_homedir = /home/%u
id_provider = ad
krb5_realm = DOMAIN.COM http://domain.com/
krb5_store_password_if_offline = true
ldap_id_mapping = true
realmd_tags = manages-system joined-with-adcli
simple_allow_groups = Group1
use_fully_qualified_names = false
[sssd]
config_file_version = 2
domains = domain.com
override_space = _
services = nss,pam
[root@host ~]# ldbsearch -H /var/lib/sss/db/config.ldb
server_sort:Unable to register control with rootdse!
# record 1
dn: cn=sssd,cn=config
cn: sssd
config_file_version: 2
domains: domain.com
services: nss, pam
distinguishedName: cn=sssd,cn=config
# record 2
dn: cn=config
version: 2
lastUpdate: 1459260529
Are you really sure that sssd was restarted after changing sssd.conf? The attribute lastUpdate says taht sssd.conf was changed at "Tuesday, 29-Mar-16 14:08:49 UTC"
Your timezeone seems to be -4:00 according to mail header.
But in your previous mail configuration file was changed earlier (13:29:58 UTC)
Mar 29 09:29:58 localhost puppet-agent[2865]: (Class[Realmd::Sssd::Service]) Scheduling refresh of Service[sssd]
Mar 29 09:29:58 localhost systemd: Stopping System Security Services Daemon...
Mar 29 09:29:58 localhost sssd[nss]: Shutting down
Mar 29 09:29:58 localhost sssd[be[domain.com]]: Shutting down
Mar 29 09:29:58 localhost sssd[pam]: Shutting down
Mar 29 09:29:58 localhost systemd: Starting System Security Services Daemon...
Mar 29 09:29:58 localhost sssd: Starting up
Mar 29 09:29:58 localhost sssd[be[domain.com]]: Starting up
Mar 29 09:29:59 localhost sssd[nss]: Starting up
Mar 29 09:29:59 localhost sssd[pam]: Starting up
Mar 29 09:29:59 localhost systemd: Started System Security Services Daemon.
Is it possible that sssd.conf was changed more often with different versions ?
LS