[SSSD-users] Re: idmap_sss Backend for Winbind

Hi Sumit, understood. The configuration seems to be correct. This is exactly the reason, why I want winbind to use the idmap_sss backend. I have seen that the mapping is cached by at least three caches (windbind: gencache, winbindd_cache; sssd: sss cache). Are there any timeout recommendations for sssd and winbindd caches for the mapping to work properly? Also, is there an easy way to log sss_idmap backend interworking with winbind? I had following wrong entry in the the caches for a long time (with several reboots, restarts of winbind d and sssd): wbind -i rdratlos (from windbindd with sss_idmap) rdratlos:*:10000:10006:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/false getent passwd rdratlos (from sssd) rdratlos@mydomain.com:*:1000:513:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/bash Only a combination of sss_cache -E net cache flush systemctl restart winbindd seemed to have fixed this to: wbind -i rdratlos (from windbindd with sss_idmap) rdratlos:*:1000:513:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/false Best regards Thomas