On 12/29/21 13:48, [email protected] wrote:
> We have a particular machine that is having trouble resolving an AD group -
> "domain admins".  The relevant log entries seem to be:
> 
> (2021-12-29 13:40:17): [nss] [cache_req_search_cache] (0x0400): CR #152:
> Looking up [domain [email protected]] in cache
> (2021-12-29 13:40:17): [nss] [sysdb_search_override_by_name] (0x0400): No user
> override found for name [domain [email protected]].
> (2021-12-29 13:40:17): [nss] [sysdb_getgrnam_with_views] (0x4000): Group
> object [name=domain [email protected],cn=groups,cn=ad.nwra.com,cn=sysdb],
> contains ghost entries which must be resolved before overrides can be applied.
> (2021-12-29 13:40:17): [nss] [sysdb_getgrnam_with_views] (0x4000): Returning
> empty result.
> (2021-12-29 13:40:17): [nss] [cache_req_search_cache] (0x0400): CR #152:
> Object [domain [email protected]] was not found in cache
> (2021-12-29 13:40:17): [nss] [cache_req_search_ncache_add_to_domain] (0x0400):
> CR #152: Adding [domain [email protected]] to negative cache
> (2021-12-29 13:40:17): [nss] [sss_ncache_set_str] (0x0400): Adding
> [NCE/GROUP/ad.nwra.com/domain [email protected]] to negative cache
> (2021-12-29 13:40:17): [nss] [cache_req_process_result] (0x0400): CR #152:
> Finished: Not found
> (2021-12-29 13:40:17): [nss] [sss_domain_get_state] (0x1000): Domain
> ad.nwra.com is Active
> (2021-12-29 13:40:17): [nss] [nss_protocol_done] (0x4000): Sending reply: not
> found
> 
> On working systems we don't have the sysdb_getgrnam_with_views message.  I'd
> rather not clear the sssd database.  Is there anything else that can be done?
> 'sss_cache -g "domain admins"' does not help.
> 
> We're using an IPA <-> AD trust.

So, ldbsearch revealed:


dn: name=domain [email protected],cn=groups,cn=ad.nwra.com,cn=sysdb
...
ghost: [email protected]

and:

sss_cache -g 'domain [email protected]'

did the trick of clearing that.



-- 
Orion Poplawski
IT Systems Manager                         720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       [email protected]
Boulder, CO 80301                 https://www.nwra.com/
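
Added example, not part of the original message or of the SSSD project: a small Python check that scans an sssd_nss debug log for the pattern shown in this thread (a group lookup stopped by ghost entries and then negatively cached) and builds the sss_cache call using the group name as it is stored in the cache object. The domain ad.example.test, the group names and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sssd_nss log excerpt, one entry per line; the domain
# ad.example.test and the group names are made up for this example.
SAMPLE_LOG = """\
(2021-12-29 13:40:17): [nss] [cache_req_search_cache] (0x0400): CR #152: Looking up [domain admins@ad.example.test] in cache
(2021-12-29 13:40:17): [nss] [sysdb_getgrnam_with_views] (0x4000): Group object [name=domain admins@ad.example.test,cn=groups,cn=ad.example.test,cn=sysdb], contains ghost entries which must be resolved before overrides can be applied.
(2021-12-29 13:40:17): [nss] [sysdb_getgrnam_with_views] (0x4000): Returning empty result.
(2021-12-29 13:40:17): [nss] [sss_ncache_set_str] (0x0400): Adding [NCE/GROUP/ad.example.test/domain admins@ad.example.test] to negative cache
(2021-12-29 13:40:18): [nss] [cache_req_search_cache] (0x0400): CR #153: Looking up [staff@ad.example.test] in cache
(2021-12-29 13:40:18): [nss] [cache_req_process_result] (0x0400): CR #153: Finished: Success
"""

# Group object rejected because of unresolved ghost members.
GHOST = re.compile(r"\[sysdb_getgrnam_with_views\].*Group object "
                   r"\[name=([^,\]]+),cn=groups,.*contains ghost entries")
# The same name being written to the negative cache afterwards.
NCACHE = re.compile(r"\[sss_ncache_set_str\].*Adding "
                    r"\[NCE/GROUP/[^/\]]+/([^\]]+)\] to negative cache")


def ghost_blocked_groups(log_text):
    """Map each ghost-blocked group name to whether it was negatively cached."""
    found = {}
    for line in log_text.splitlines():
        m = GHOST.search(line)
        if m:
            found.setdefault(m.group(1), False)
            continue
        m = NCACHE.search(line)
        if m and m.group(1) in found:
            found[m.group(1)] = True
    return found


def suggested_commands(log_text):
    """Build sss_cache -g calls with the name exactly as the cache stores it."""
    groups = sorted(ghost_blocked_groups(log_text))
    return ["sss_cache -g " + shlex.quote(g) for g in groups]


if __name__ == "__main__":
    for cmd in suggested_commands(SAMPLE_LOG):
        print(cmd)
```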
