If anything it is more likely the client SSSD cache. The server doesn't cache much beyond AD information (inside SSSD).
See sss_cache(8). rob Antoine Gatineau wrote: > OK this is strange. > > > After enrolling a new client (exact same distro) I was able to log in it > with my ipa user. > > The idea was to rule out the server configuration, which it did. > > > When I went back to the previous client (that was posing me the issue) > it started to work. > > > My assumption now is that the cache was somehow corrupted and logging > from a new client renewed it and fixed it. > > Are there some configurations on the servers that would require to clean > the cache? > > > Anyway it seems to be ok now.... > > > > On Wednesday, September 14, 2022 4:17:03 PM CEST Antoine Gatineau via > FreeIPA-users wrote: > > sssd logs are in the tar.gz file > > > kwin is there just because it was there :) > > > > > On Wednesday, September 14, 2022 3:48:31 PM CEST Rob Crittenden wrote: > > >> Antoine Gatineau via FreeIPA-users wrote: > > >> > Dear freeipa-users, > > >> > > > >> > I recently am having trouble logging into my kde sessions. > > >> > Client OS: Fedora 36 Kde Plasma (up to date) (freeipa-client > 4.10.0-4 , sssd 2.7.4-1) > > >> > Server: Centos Stream 9 (ipa 4.10.0-6) > > >> > > > >> > Here are my symptoms : > > >> > ipa user on KDE Wayland: ��� kwin_wayland_wrapper crashes > > >> > ipa user on KDE X11: ��� login ok but policykit integration seems > broken. Can't connect to qemu for instance or apply system settings. > Running `id` returns the expected groups and uid. > > >> > ipa user on Console: ��� login ok > > >> > ipa user on ssh: ��� login ok. > > >> > Local users : ��� ��� no problem > > >> > Brand new ipa user : ��� same login issues > > >> > > > >> > The only way I found to be able to correctly login is to stop sssd , > remove the cache files and reboot: > > >> > systemctl stop sssd && rm -rf /var/lib/sss/db/* && reboot > > >> > > > >> > After that I can successfully login with wayland and X11 session. At > the next reboot, session login will fail. > > >> > > > >> > I am not sure there is an issue with the freeipa integration itself > but the fact that rebooting with a clean sssd context makes it work, I > assume sssd and freeipa are involved somehow. > > >> > It could also be an issue with kde itself or my IPA configuration. > > >> > I still need to start troubleshooting somewhere. > > >> > > > >> > Find attached sssd debug logs on the client. I didn't find anything > strange but someone else might. > > >> > If logs are need, I can easily reproduce the issue and generate logs > or test changes. > > >> > > > >> > If someone with the same setup can confirm it works for them, that > would be great. > > >> > If this is absolutely not the place for this request, please say so ;-) > > >> > > > >> > Any help troubleshooting this issue is appreciated > > >> > > > >> > > >> Looks like you attached the wrong log. > > >> > > >> rob > > >> > > >> > > > > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
