On (03/12/17 14:30), Brian Chow wrote:
First, sorry if this is easily findable information elsewhere, I did
search
but couldn't find anything that seemed relevant .. although I'm not sure I
was searching using proper terminology...
I have SSSD auth semi-working on an Arch system. When it's working, I can
auth against Active Directory, SSH logins work, GDM logins work, sudo
works, id <user> returns full group information, getent seems to work as
expected, polkit appears to work correctly inside og Gnome..everything
seems great. Untill approx ~10 - ~20 minutes passes, and then SSSD seems
to stop authenticating. id <username> returns only the ID, primary group,
and a single other group membership, although correct for the information
it does return. getent passwd <username> seems to work. getent group
<groupname> returns all the users in the group, even though id doesn't list
extended group information anymore. Polkit and SSH stop working. Even
users not previously checked return information in the same shortened way
-- uid, primary gid, and one extended gid. GDM no longer allows logins.
The SSSD process seems to be running ok. Stopping and restarting the SSSD
service, and even rebooting doesn't change anything at this point.
However, if I stop SSSD, delete the [cache?] db (rm /var/lib/sss/db/*) and
restarting sssd brings me back to a fully working state --- again only for
several minutes, and then it's right back to partial information and not
authenticating.
Where do I even start with the troubleshooting? Or is this some known
configuration issue that I've missed?
Here
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
Sorry but it is impossible to help without more info/logs ...
And if you find a bug then you should follow
https://docs.pagure.org/SSSD.sssd/users/reporting_bugs.html
LS