Windl, Ulrich wrote:
> Hi!
>
> I discovered an odd problem:
>
> If a user logs in on some clients, the OpenLDAP 2.5 server does not update
> authTimestamp, while on other clients the timestamp is updated (and
> synchronized across all servers).
>
> All clients use the same OS (SLES15) and sssd.
>
> The only difference I could find was the order of modules:
>
> services = pam,nss
>
> vs.
>
> services = nss, pam

And that alone should have triggered massive red flags in your mind.

> Sections for [pam] and [nss] are both empty.
>
> Caching credentials is disabled (false) also.
>
> I thought if sssd authenticates using the OpenLDAP server, the server itself
> would update the authTimestamp.
> Can anybody enlighten me (e.g. how to debug)?

Set all the machines to a consistent configuration. You should be using

services = pam,nss

Otherwise sssd merely reads userPassword attributes from nss and performs authentication by itself.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/