On Thu, Jul 09, 2020 at 03:09:05PM +0200, Nicolas Martin wrote: > Hello, > > Using sssd with credentials caching, I encounter the following problem: > > When the 389 server is offline, users with cached credentials can login; > users without cached credentials cannot login (normal behavior) > When the 389 server comes back online, users with cached credentials can > login; users without cached credentials still cannot login. > Only restarting the sssd service will allow users without cached > credentials to login. > > Is there a timeout to configure or any setting in sssd configuration ?
Hi, by default SSSD checks once a minute if the server is available again, please see 'offline_timeout' in man sssd.conf for details. HTH bye, Sumit > > I'm using sssd-1.16.2-13.el7_6.8.x86_64 (RHEL 7U6). > > I have the following configuration: > [domain/default] > > cache_credentials = True > ldap_search_base = dc=XXX > krb5_realm = EXAMPLE.COM > krb5_server = kerberos.example.com > id_provider = ldap > auth_provider = ldap > chpass_provider = ldap > ldap_uri = ldaps://YYY > ldap_tls_cacertdir = /etc/openldap/cacerts > [sssd] > services = nss, pam > config_file_version = 2 > > domains = default > [nss] > > [pam] > > [sudo] > > [autofs] > > [ssh] > > [pac] > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
