Re: [Freeipa-users] AD group membership
> -Original Message- > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users- > boun...@redhat.com] On Behalf Of Alexander Bokovoy > Sent: Thursday, 19 May 2016 4:07 PM > To: Lachlan Musicman > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] AD group membership > > On Thu, 19 May 2016, Lachlan Musicman wrote: > >Hi, > > > >We seem to have some progress, after reading this blog post about sssd > >performance tuning. > > > >https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-la > >rge-ipa-ad-trust-deployments/ > > > >So now we see that on the FreeIPA server, everything is stable and > >always produces the results we expect with regard to users and group > membership. > >It's also a bit speedier, which is nice. > > > >Unfortunately, on the clients, we are still seeing groups "disappearing" > >occasionally, > You've been told in another thread to upgrade IPA and SSSD packages to what is > in CentOS 7 updates. There was recently (May 12th) a release of RHEL 7.2.4 > updates which CentOS already picked up. This release included fixes to > incomplete group membership you mention. Yes - it seems to be working and stable, even post reboot. Thanks for your help. Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] AD group membership
On Thu, 19 May 2016, Lachlan Musicman wrote: Hi, We seem to have some progress, after reading this blog post about sssd performance tuning. https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/ So now we see that on the FreeIPA server, everything is stable and always produces the results we expect with regard to users and group membership. It's also a bit speedier, which is nice. Unfortunately, on the clients, we are still seeing groups "disappearing" occasionally, You've been told in another thread to upgrade IPA and SSSD packages to what is in CentOS 7 updates. There was recently (May 12th) a release of RHEL 7.2.4 updates which CentOS already picked up. This release included fixes to incomplete group membership you mention. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] AD group membership
Hi, We seem to have some progress, after reading this blog post about sssd performance tuning. https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/ So now we see that on the FreeIPA server, everything is stable and always produces the results we expect with regard to users and group membership. It's also a bit speedier, which is nice. Unfortunately, on the clients, we are still seeing groups "disappearing" occasionally, We found this thread from late last year that seemed to state exactly what we are seeing, although our sssd_pac.log is empty. I have just added debug_level = 7 to [pac] in sssd.conf on server and client. https://www.redhat.com/archives/freeipa-users/2015-December/msg00180.html Did anything come of this? Cheers L. -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
