Just to let you know the only way how I have been able to expire netgroup cache is when I delete db cache and restart sssd. But that does not work for us because we want sssd to expire cache automatically with no manual intervention.
 
If you can shed on this I would really appreciate it.
 
Thank you very much. Regards,
 
Francisco Marin
 
> From: jzeleny@redhat.com
> To: chisco.13@hotmail.com
> Subject: Re: [SSSD] SSSD netgroup issue
> Date: Fri, 23 Sep 2011 08:49:59 +0200
> CC: sssd-devel@lists.fedorahosted.org
>
> > Thank you very much Jan . I could not find sss_cache command, is there a
> > package that I am missing ? . But propagation should not happen
> > automatically ? or should I run sss_cache -N always ?.
> >
> > is not a parameter on my sssd.conf file which would let me propagate the
> > changes automatically ?
> >
> > Thank you again. Regards,
>
> As Stephen pointed out, the sss_cache command is available since 1.6.0. For
> more specifics of cache timeout, please see his email. Answers to all your
> questions are there.
>
> >
> > Francisco Marin
> >
> > > From: jzeleny@redhat.com
> > > To: sssd-devel@lists.fedorahosted.org
> > > Subject: Re: [SSSD] SSSD netgroup issue
> > > Date: Thu, 22 Sep 2011 13:50:01 +0200
> > > CC: chisco.13@hotmail.com
> > >
> > > > Hello,
> > > >
> > > > I have this nsswitch configuration:
> > > >
> > > > passwd: compat
> > > > passwd_compat: sss
> > > > #shadow: files ldap
> > > > #group: files ldap
> > > >
> > > > #passwd: files sss
> > > > #passwd: compat sss
> > > > shadow: files sss
> > > > group: files sss
> > > >
> > > > hosts: files dns
> > > > bootparams: files
> > > > ethers: files
> > > > netmasks: files
> > > > networks: files
> > > > protocols: files
> > > > rpc: files
> > > > services: files
> > > > netgroup: sss
> > > > publickey: nisplus
> > > > automount: files ldap
> > > > aliases: files
> > > > sudoers: files ldap
> > > >
> > > >
> > > > Currently I am having problems with sssd handling netgroup changes.
> > > >
> > > > when I add or remove a user from a netgroup , those changes are not
> > > > replicated automatically to clients . Should be something wrong with my
> > > > sssd.conf configuration ?
> > > >
> > > > If you can give me a hand I would really appreciate it.
> > > >
> > > > Thanks,
> > > >
> > > > Francisco Marin
> > >
> > > Hi,
> > > my first guess would be cache expiration. Did you try running sss_cache
> > > -N on the client before trying if the propagation worked?
> > >
> > > Jan
>
> --
> Thank you
> Jan Zeleny
>
> Red Hat Software Engineer
> Brno, Czech Republic