This is on a RHEL 7.2 box.

On Fri, Mar 18, 2016 at 3:32 PM, Striker Leggette <striker@terranforge.com> wrote:
Hi,

What OS is this on?  I would like to try and reproduce the issue on my side.

Striker

On 03/18/2016 02:31 PM, chadwickbanning@gmail.com wrote:
> I am joining a machine to a domain via Realmd and then filling out the SSSD config with a few more directives such as setting dyndns_update = false. Every once in a while, I'm finding that SSSD is using the old configuration even after restarting the service or starting it interactively.
>
> Sanitized config:
> [root@host]# cat /etc/sssd/sssd.conf
> [domain/<domain.com>]
> access_provider = simple
> ad_domain = <domain.com>
> ad_hostname = <host.domain.com>
> cache_credentials = true
> debug_level = 6
> default_shell = /bin/bash
> dyndns_update = false
> fallback_homedir = /home/%u
> id_provider = ad
> krb5_realm = <DOMAIN.COM>
> krb5_store_password_if_offline = true
> ldap_id_mapping = true
> realmd_tags = manages-system joined-with-adcli
> simple_allow_groups = <group>
> use_fully_qualified_names = false
>
> [sssd]
> config_file_version = 2
> domains = <domain.com>
> services = nss,pam
>
> If I restart the service, all logs are blank under /var/log/sssd/* so it is not picking up the debug level in the config and I also have trouble logging in.
> If I start the service interactively:
> [root@host]# sssd -d 6 -i
> ...snip...
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [ad_failover_init] (0x0100): No primary servers defined, using service discovery
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [fo_add_srv_server] (0x0400): Adding new SRV server to service 'AD_GC' using 'tcp'.
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [fo_add_srv_server] (0x0400): Adding new SRV server to service 'AD' using 'tcp'.
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [_ad_servers_init] (0x0100): Added service discovery for AD
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400): Option dyndns_update is TRUE
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400): Option dyndns_refresh_interval has value 86400
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400): Option dyndns_iface has no value
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400): Option dyndns_ttl has value 3600
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400): Option dyndns_update_ptr is TRUE
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400): Option dyndns_force_tcp is FALSE
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400): Option dyndns_auth has value gss-tsig
> (Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400): Option dyndns_server has no value
> ...snip...
>
> It clearly sees dyndns_update as TRUE even though it's set to false in the config. It remains stuck in this state until I remove /var/lib/sss/db/config.ldb and restart the service, after which everything is fine.
>
> Is there any way for me to dig into why the config.ldb file would not be refreshed after config changes and service restart?
> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org

--
Chadwick Banning
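
The mismatch reported in this thread (`dyndns_update = false` in sssd.conf, logged as TRUE by `dp_get_options`) can be checked mechanically. The following is an added example, not part of the original messages and not SSSD code; the function names and the `example.com` sample input are constructed, and it assumes the debug line format shown in the post.

```python
import configparser
import re

# Constructed sample input, modelled on the config and log lines in the post.
SAMPLE_CONF = """\
[domain/example.com]
dyndns_update = false
fallback_homedir = /home/%u
"""
SAMPLE_LOG = """\
(Fri Mar 18 14:23:58 2016) [sssd[be[example.com]]] [dp_get_options] (0x0400): Option dyndns_update is TRUE
(Fri Mar 18 14:23:58 2016) [sssd[be[example.com]]] [dp_get_options] (0x0400): Option dyndns_ttl has value 3600
(Fri Mar 18 14:23:58 2016) [sssd[be[example.com]]] [dp_get_options] (0x0400): Option dyndns_iface has no value
"""
OPTION_RE = re.compile(
    r"\[sssd\[be\[(?P<domain>[^\]]+)\]\]\] \[dp_get_options\] \(0x[0-9a-f]+\): "
    r"Option (?P<name>\S+) (?:is (?P<bool>TRUE|FALSE)|has value (?P<val>.*)|has no value)$"
)


def effective_options(log_text):
    """Return {(domain, option): value} from dp_get_options debug lines."""
    seen = {}
    for line in log_text.splitlines():
        m = OPTION_RE.search(line.rstrip())
        if m:
            # Booleans are normalised to lower case; "has no value" maps to None.
            value = m["bool"].lower() if m["bool"] else m["val"]
            seen[(m["domain"], m["name"])] = value
    return seen


def config_drift(conf_text, log_text):
    """List (domain, option, configured, effective) where file and log disagree."""
    cp = configparser.ConfigParser(interpolation=None)  # keep /home/%u literal
    cp.read_string(conf_text)
    drift = []
    for (domain, name), effective in sorted(effective_options(log_text).items()):
        section = f"domain/{domain}"
        if not cp.has_option(section, name):
            continue  # not set in the file, so the logged value is a default
        configured = cp.get(section, name).strip()
        wanted = configured.lower() if effective in ("true", "false") else configured
        if wanted != effective:
            drift.append((domain, name, configured, effective))
    return drift


if __name__ == "__main__":
    for row in config_drift(SAMPLE_CONF, SAMPLE_LOG):
        print("stale option: %s/%s configured=%r effective=%r" % row)
```

Feed it the contents of /etc/sssd/sssd.conf and the output of the interactive run shown in the post; each row returned is an option whose logged value differs from the value in the file.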