On Wed, Dec 09, 2015 at 12:58:23PM +0100, Winfried de Heiden wrote:
>    Hi all,
> 
>    Using entry_cache_timeout to set different cache timeout for sssd works
>    well. However, it doesn't seem to work for Trusted Domain Users (using AD
>    trust)
> 
>    I made some changes, cleaned the cache but expiry will stay on a (too
>    long) 10 (ten!) hours!
> 
>    How can I change the sssd cache timeout for Trusted AD users ? (using IPA
>    4.1)
> 
>    Kind regards!

Did you change the expiry on a client only or also on the server?

Keep in mind that for identity lookups, only the IPA masters are
connected to AD, the clients fetch data from IPA masters.
(Authentication, however, is done against AD DCs directly)

Another point to keep in mind is that the cache expiry is stored in the
objects themselves, so you might want to refresh the cache.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to