> On 12 Mar 2018, at 14:59, Joakim Tjernlund <[email protected]> > wrote: > > On Sun, 2018-03-11 at 21:38 +0100, Jakub Hrozek wrote: >> CAUTION: This email originated from outside of the organization. Do not >> click links or open attachments unless you recognize the sender and know the >> content is safe. >> >> >>> On 9 Mar 2018, at 14:45, Joakim Tjernlund <[email protected]> >>> wrote: >>> >>> On Fri, 2018-03-09 at 13:28 +0100, Jakub Hrozek wrote: >>>> CAUTION: This email originated from outside of the organization. Do not >>>> click links or open attachments unless you recognize the sender and know >>>> the content is safe. >>>> >>>> >>>> SSSD 1.16.1 >>>> =========== >>>> >>>> The SSSD team is proud to announce the release of version 1.16.1 of the >>>> System Security Services Daemon. >>>> >>>> The tarball can be downloaded from https://releases.pagure.org/SSSD/sssd/ >>>> >>>> RPM packages will be made available for Fedora shortly. >>>> >>>> Feedback >>>> -------- >>>> Please provide comments, bugs and other feedback >>>> via the sssd-devel or sssd-users mailing lists: >>>> https://lists.fedorahosted.org/mailman/listinfo/sssd-devel >>>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users >>>> >>> >>> Did a quick test here and it seems like enumerate = true is >>> broken. Is it just me or .. ? >> >> I don’t know about any bugs around enumeration in 1.16.1. Maybe you found an >> issue, but it’s hard to say without more context. > > OK, thanks. > I am a bit pressed for time but I did install 1.16.1 on another machine as > well and now I see > a pattern: > I cleared the sss/db and rebooted, logged in and tested again with good old > finger command > and it failed, I waited 5-10 mins and finger still failed. Went on lunch and > when I got back finger worked! > > It seems that enumerate can take a very long time?
Yes, but that should be no different from 1.16.0. Do the two versions behave differently for you? Did you already check the sssd logs if there is anything interesting there? btw the config file you posted uses enumerate=false, did you revert from true because of the issue you are seeing? > sssd.conf(minor edits): > > [sssd] > config_file_version = 2 > domains = xxx.com > services = nss, pam > #debug_level = 0x0fff > > [nss] > fallback_homedir = /home/%u > default_shell = /bin/bash > #debug_level = 0x0fff > enum_cache_timeout = 3600 > entry_negative_timeout = 300 > > [pam] > #debug_level = 0x0fff > > [domain/xxx.com] > #debug_level = 0xffff > > timeout = 30 > ad_maximum_machine_account_password_age = 0 > > ignore_group_members = false > ldap_id_mapping = false > cache_credentials = true > enumerate = false > ldap_enumeration_refresh_timeout = 1800 > entry_cache_timeout = 3600 > refresh_expired_interval = 2700 > > id_provider = ad > auth_provider = ad > access_provider = permit > chpass_provider = ad > > dyndns_update = true > dyndns_refresh_interval = 600 > dyndns_update_ptr = true > dyndns_ttl = 3600 > case_sensitive = false > > ldap_referrals = false > ldap_sasl_mech = GSSAPI > ldap_schema = rfc2307bis > > ldap_access_order = expire > ldap_account_expire_policy = ad > ldap_force_upper_case_realm = true > > krb5_realm = XXXX.COM > krb5_canonicalize = true > krb5_store_password_if_offline = true > krb5_use_kdcinfo = False > krb5_renewable_lifetime = 7d > krb5_lifetime = 24h > krb5_renew_interval = 4h > > Jocke > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
