Hello, "Look at your sssd.conf, are you caching?" Yes "What is the time to live?" It should be default, as I didn't change anything (I don't know the default value) "What does your pam auth for session section look like is sss optional or required?" Can you pls tell me where to search for this? Which conf file?
[sssd] config_file_version = 2 domains = LDAP services = nss, pam, autofs, ssh reconnection_retries = 3 [nss] reconnection_retries = 3 debug_level = 2 filter_users = root, oracle filter_groups = root [pam] reconnection_retries = 3 debug_level = 2 [domain/LDAP] id_provider = ldap access_provider = ldap chpass_provider = ldap ldap_schema = rfc2307 ldap_uri = ldaps://hostname:LDAPs_port ldap_default_bind_dn = <bindDN_username> ldap_default_authtok = <password> ldap_default_authtok_type = password ldap_search_base = <suffix> ldap_user_search_base = cn=users,<suffix> ldap_group_search_base = cn=groups,<suffix> ldap_access_filter = isMemberOf=cn=linuxusers,cn=groups,<suffix> cache_credentials = true enumerate = false debug_level = 9 ldap_id_use_start_tls = false ldap_tls_reqcert = demand ldap_tls_cacert = /etc/sssd/cacerts/<trust_cert>.pem ldap_tls_cacertdir = /etc/sssd/cacerts ldap_user_name = employeeNumber ldap_user_ssh_public_key = userCertificate;binary _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
