On Mon, Mar 23, 2015 at 04:18:56PM +0530, Yogesh Sharma wrote:
> Seeing a strange behavior.
>
> I deleted all Host Members from NetGroup and it was reflected in Client:
>
> [root@cipa ~]# getent netgroup stg.initd.com
> stg.initd.com
>
> then I added one hostgroup *"cipa" * and it was successfully queried in
> getent on IPA Server
>
> [root@mipa ~]# getent netgroup stg.initd.com
> stg.initd.com (cipa.stg.initd.com,-,stg.initd.com)
>
> However, when adding another hostgroup in Netgroup , I am not able to see
> that in getent though ipa command list it.
>
> [root@mipa ~]# ipa netgroup-show stg.initd.com
>   Netgroup name: stg.initd.com
>   Description: sssss
>   NIS domain name: stg.initd.com
>   Member Group: admins, ipausers, masteruser, trust admins, webuser
>   Member Hostgroup: cipa-servers, sipa-servers
> [root@mipa ~]#
>
> My Client is also unaware of changes.
>
> [root@cipa ~]# getent netgroup stg.initd.com
> stg.initd.com
> [root@cipa ~]#
>
> Is it network issue or sssd caching problem. Restart of SSSD also does not
> fix the problem.

That's normal, SSSD caches the information. See man sssd.conf for the
timeout settings. Please note that as the timeouts are stored in the cache,
you'd need to remove the cache as well if you machine the timeouts.

> Should I share my SSSD logs of IPA server or Client or Both. Please suggest.

From the machine that is having problems resolving the netgroup.