> On Thu, Jul 06, 2017 at 02:29:34PM -0000, bogusmaster--- via FreeIPA-users 
> wrote:
> 
> 
> The ipa-client gets all its data from the IPA server and for efficiency
> the lookup on the server goes via the SSSD cache on the server.
> 
> While on the client during authentication the user data is refreshed
> unconditionally the old data might still be on the cache on the server.
> I would expect that when you call 'sss_cache -E' on the IPA server after
> changing the group memberships the client should see the new groups during
> authentication and access should be granted.

I cleared cache on the IPA server and restarted sssd after changing group 
membership, did the same on the client but it didn't help. 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to