On Thu, Apr 06, 2017 at 09:11:32AM +0200, Martin Bašti wrote:
> 
> 
> On 06.04.2017 01:57, Greg Gilbert wrote:
> > Hey. I'm a bit new to FreeIPA, so apologies if this has already been
> > addressed. For reference, I'm running FreeIPA 4.4 server on CentOS 7,
> > and FreeIPA client 4.3.1 on Ubuntu nodes.
> > 
> > I've noticed that when I make changes to policies, it either takes a
> > long time to propagate out to the client nodes, or requires a manual
> > restart of the sssd service. In this case, I'm testing adding and
> > removing a user from a sudo rule. Is this the correct behavior, or is
> > there a misconfiguration on my part somewhere?
> > 
> > - greg
> > 
> 
> Hello,
> 
> it is caused by SSSD caches, to refresh particular objects in cache see `man
> sss_cache`.
> 
> You can lower TTL for records in cache, but the lower TTL, the higher load
> on server (`man sssd.conf` search for cache).

btw the sudo caching is a bit more complex, but man sssd-sudo hopefully
explains it well.

Also please check in the sssd debug logs if the sssd client is 'online'.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to