Hi all,
I've been using sssd with AD on Ubuntu 16.04 for several months (sssd 1.13.4). I've joined probably a few dozen VMs to a domain. More often than not, /var/lib/sss/pipes/ssh is not created right away after joining, and the dynamic DNS registration with nsupdate doesn't happen. There are no errors in /var/log/sssd/*; sssd_ssh just doesn't run, and dyndns doesn't happen either.
I can reboot or restart sssd as many times as I like and it won't fix it. But as soon as I would bump up the debuglevel in /etc/sssd/sssd.conf and "systemctl restart sssd", everything would work.
Eventually I figured out that it wasn't dependent on the debug level at all - if I just touch /etc/sssd/sssd.conf to update the timestamp, and restart sssd, that's enough to fix it.
The next time I join a machine I'll start with debuglevel set to 9. In the meantime, is there anything that could explain this behaviour: the sshd integration and dyndns registration don't work until (1) the domain is joined and (2) sssd.conf's mtime is changed?
Thanks, Mike
sssd.conf:
[domain/my.domain]
access_provider = ad
ad_domain = my.domain
ad_gpo_access_control = disabled
ad_hostname = myhostname.my.domain
cache_credentials = False
debug_level = 3
default_shell = /bin/bash
dns_resolver_timeout = 30
dyndns_refresh_interval = 28800
dyndns_update = True
dyndns_update_ptr = True
entry_cache_timeout = 120
fallback_homedir = /home/%u
id_provider = ad
krb5_realm = MY.DOMAIN
krb5_store_password_if_offline = False
ldap_access_filter = (memberOf:1.2.840.113556.1.4.1941:=cn=somegroup,ou=Groups,ou=xxx,dc=my,dc=domain)
ldap_group_nesting_level = 2
ldap_id_mapping = True
ldap_schema = ad
ldap_user_ssh_public_key = sshPublicKey
memcache_timeout = 120
use_fully_qualified_names = False

[nss]
filter_users = root,named,avahi,haldaemon,dbus,radiusd,news,nscd,centos,ubuntu

[ssh]

[sssd]
config_file_version = 2
domains = my.domain
services = nss,pam,ssh