On Wed, Apr 03, 2013 at 10:38:46AM -0400, Sutton, Harry (GSSE) wrote:
> On 04/03/2013 10:26 AM, Jakub Hrozek wrote:
> >On Wed, Apr 03, 2013 at 10:08:53AM -0400, Sutton, Harry (GSSE) wrote:
> >>On 04/03/2013 09:56 AM, Jakub Hrozek wrote:
> >>>Ok, the name might be different (cased perhaps), can you try searching
> >>>all the entries?
> >>>
> >>>ldbsearch -H /var/lib/sss/db/cache_AMERICAS.CPQCORP.NET.ldb
> >>>
> >>>(I might have gotten the ldb file location wrong, tab completion is your
> >>>friend)
> >>>
> >>Okay, it was a case-sensitivity thing, user SuttonH is there (sorry,
> >>I should have thought of that...), but it's not showing me a
> >>'cachedPassword' attribute:
> >>
> >>[root@tobyws ~]# ldbsearch -H
> >>/var/lib/sss/db/cache_AMERICAS.CPQCORP.NET.ldb name=SuttonH | grep -i
> >>cachedPassword
> >>asq: Unable to register control with rootdse!
> >>[root@tobyws ~]#
> >Can you check if the cachedPassword attribute is populated when you log
> >in online? (It should be populated provided that the cache_credentials is
> >set to True when the online login happens)
> >
> Where else would that attribute be registered? It's not showing up
> anywhere in the sssd database:
>
> [root@tobyws ~]# ldbsearch -H /var/lib/sss/db/cache_AMERICAS.CPQCORP.NET.ldb
> | grep -i pass
> asq: Unable to register control with rootdse!
> [root@tobyws ~]#
>
>
> /Harry
>
I must say I'm quite stumped, the caching code is quite stable and well
tested.

Are you using pam_krb5.so as discussed in the other thread or pam_sss.so?

If it's pam_sss.so, then let's double check if there is maybe any issue with
configuration. If you touch the sssd.conf file:

    # touch /etc/sssd/sssd.conf

raise debug_level in the [sssd] section this time, you should see the
configuration dumped after startup in the log files -- look for messages
coming from confdb_create_ldif.

This dump will contain LDAP-like entries describing the databases, one of
mine looks like this:

dn: cn=localipa,cn=domain,cn=config
cn: localipa
id_provider: ldap
cache_credentials: True
ldap_schema: rfc2307bis
ldap_uri: ldap://172.114.0.11
ldap_search_base: cn=accounts,dc=ipa-0,dc=example,dc=com
ldap_user_search_base: cn=users,cn=accounts,dc=ipa-0,dc=example,dc=com
ldap_group_search_base: cn=groups,cn=accounts,dc=ipa-0,dc=example,dc=com
timeout: 30000

Does your domain contain cache_credentials=True in the record describing
your domain?
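The check asked for in the message above, as an added example that is not part of the original thread or of SSSD itself: it reads a confdb_create_ldif-style dump and reports, per domain record, whether cache_credentials is enabled. It assumes the dump has already been copied out of the log as plain text with a blank line between records; the function names and the sample dump (including the "corp" domain) are constructed for illustration.

```python
import re

# Constructed sample in the LDIF-like shape shown in the message above.
# "corp" has no cache_credentials line, so it is reported as not caching.
SAMPLE_DUMP = """\
dn: cn=sssd,cn=config
cn: sssd
domains: localipa, corp
debug_level: 6

dn: cn=localipa,cn=domain,cn=config
cn: localipa
id_provider: ldap
cache_credentials: True

dn: cn=corp,cn=domain,cn=config
cn: corp
id_provider: ldap
"""

# Domain records use DNs of the form cn=<name>,cn=domain,cn=config.
DOMAIN_DN = re.compile(r"^cn=([^,]+),cn=domain,cn=config$", re.IGNORECASE)


def parse_records(dump):
    """Split an LDIF-like dump into a list of {attribute: value} dicts."""
    records, current = [], {}
    for line in dump.splitlines():
        if not line.strip():          # blank line ends the current record
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:                       # ignore lines that are not "attr: value"
            current[key.strip().lower()] = value.strip()
    if current:
        records.append(current)
    return records


def credential_caching(dump):
    """Map each domain name to True/False for cache_credentials."""
    status = {}
    for rec in parse_records(dump):
        match = DOMAIN_DN.match(rec.get("dn", ""))
        if match:
            # Assumption: a missing attribute means caching is off, and the
            # boolean is compared case-insensitively.
            value = rec.get("cache_credentials", "")
            status[match.group(1)] = value.lower() == "true"
    return status


if __name__ == "__main__":
    for domain, enabled in credential_caching(SAMPLE_DUMP).items():
        print(f"{domain}: cache_credentials {'enabled' if enabled else 'NOT enabled'}")
```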
