I am joining a machine to a domain via Realmd and then filling out the SSSD config with a
few more directives such as setting dyndns_update = false. Every once in a while, I'm
finding that SSSD is using the old configuration even after restarting the service or
starting it interactively.
Sanitized config:
[root@host]# cat /etc/sssd/sssd.conf
[domain/<domain.com>]
access_provider = simple
ad_domain = <domain.com>
ad_hostname = <host.domain.com>
cache_credentials = true
debug_level = 6
default_shell = /bin/bash
dyndns_update = false
fallback_homedir = /home/%u
id_provider = ad
krb5_realm = <DOMAIN.COM>
krb5_store_password_if_offline = true
ldap_id_mapping = true
realmd_tags = manages-system joined-with-adcli
simple_allow_groups = <group>
use_fully_qualified_names = false
[sssd]
config_file_version = 2
domains = <domain.com>
services = nss,pam
If I restart the service, all logs are blank under /var/log/sssd/* so it is not picking up
the debug level in the config and I also have trouble logging in.
If I start the service interactively:
[root@host]# sssd -d 6 -i
...snip...
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [ad_failover_init] (0x0100): No
primary servers defined, using service discovery
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [fo_add_srv_server] (0x0400):
Adding new SRV server to service 'AD_GC' using 'tcp'.
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [fo_add_srv_server] (0x0400):
Adding new SRV server to service 'AD' using 'tcp'.
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [_ad_servers_init] (0x0100):
Added service discovery for AD
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400):
Option dyndns_update is TRUE
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400):
Option dyndns_refresh_interval has value 86400
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400):
Option dyndns_iface has no value
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400):
Option dyndns_ttl has value 3600
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400):
Option dyndns_update_ptr is TRUE
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400):
Option dyndns_force_tcp is FALSE
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400):
Option dyndns_auth has value gss-tsig
(Fri Mar 18 14:23:58 2016) [sssd[be[<domain.com>]]] [dp_get_options] (0x0400):
Option dyndns_server has no value
...snip...
It clearly sees dyndns_update as TRUE even though it's set to false in the config. It
remains stuck in this state until I remove /var/lib/sss/db/config.ldb and restart the
service, after which everything is fine.
Is there any way for me to dig into why the config.ldb file would not be refreshed after
config changes and service restart?
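
One way to dig into this, as an added example that is not part of the original post: compare the options in sssd.conf with what the cached config.ldb holds, as dumped by ldbsearch (ldb-tools). The sample file, the sample LDIF, the example.com name and the DN layout (cn=<name>,cn=domain,cn=config) are constructed assumptions for illustration.

```python
import configparser

# Constructed sample of the edited /etc/sssd/sssd.conf (placeholder domain).
SSSD_CONF = """\
[domain/example.com]
id_provider = ad
debug_level = 6
dyndns_update = false
fallback_homedir = /home/%u
[sssd]
domains = example.com
"""

# Constructed sample of `ldbsearch -H /var/lib/sss/db/config.ldb` output from a
# stale cache; the DN layout is an assumption about how SSSD stores sections.
CONFIG_LDB_LDIF = """\
# record 1
dn: cn=example.com,cn=domain,cn=config
id_provider: ad
fallback_homedir: /home/%u

# record 2
dn: cn=sssd,cn=config
domains: example.com
"""

def parse_conf(text):
    cp = configparser.ConfigParser(interpolation=None)  # keep /home/%u literal
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}

def parse_ldif(text):
    sections, current = {}, None
    for line in text.splitlines():
        attr, sep, value = line.partition(": ")
        if attr == "dn":
            # cn=example.com,cn=domain,cn=config -> "domain/example.com"
            rdns = [r.partition("=")[2] for r in value.split(",")][:-1]
            current = sections.setdefault("/".join(reversed(rdns)), {})
        elif sep and current is not None and not line.startswith("#"):
            current[attr] = value
    return sections

def find_drift(conf, cached):
    # (section, option, value in file, value in cache or None if missing)
    return sorted((sec, opt, val, cached.get(sec, {}).get(opt))
                  for sec, opts in conf.items() for opt, val in opts.items()
                  if cached.get(sec, {}).get(opt) != val)

if __name__ == "__main__":
    print(find_drift(parse_conf(SSSD_CONF), parse_ldif(CONFIG_LDB_LDIF)))
```

An option that is in the file but reported as missing from the cache means SSSD is running with that option's default, which matches the dyndns_update and debug_level symptoms described above.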