On 04/03/2013 08:20 AM, Jakub Hrozek wrote:
I installed ldb-tools and ran the ldbsearch query; it came up empty, so I confirmed the user is currently logged in (which is what I would expect would trigger the cache entry...?)Hm, interesting, I would only expect this message if cache_credentials was set to FalseAre you sure the user suttonh you are logging in as has logged in before to establish the cached credentials? This is how you can be completely sure: * install the ldb-tools package * run: $ ldbsearch -H /var/lib/sss/db/cache_AMERICAS.CPQCORP.NET.ldb name=suttonh this search should yield the cached entry for the user named suttonh and you should see a cachedPassword attribute that contains the salted password hash If the password hash is there, can you check the debug logs (/var/log/sssd/sssd_AMERICAS.CPQCORP.NET.log) if there is anything of interest?
[root@tobyws ~]# ldbsearch -H /var/lib/sss/db/cache_AMERICAS.CPQCORP.NET.ldb
name=suttonh
asq: Unable to register control with rootdse!
# returned 0 records
# 0 entries
# 0 referrals
[root@tobyws ~]# w
09:31:17 up 1:46, 2 users, load average: 0.08, 0.06, 0.05
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
suttonh :0 07:46 ?xdm? 1:15 0.19s gdm-session-worker
[pam/gdm-password]
root pts/0 07:47 0.00s 0.14s 0.04s w
[root@tobyws ~]#
/Harry
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
