> Well, to debug this one needs: > - stop sssd > - remove old sssd logs (/var/log/sssd/) > - set 'debug_level = 9' in [nss] and domain sections of sssd.conf > - start sssd > - date; id UID > - capture logs
I can't pinpoint the problem, example from sssd_nss.log: (2024-01-21 16:32:33): [nss] [sss_ncache_check_str] (0x2000): [CID#32926] Checking negative cache for [NCE/GROUP/default/prod-users@default] (2024-01-21 16:32:33): [nss] [cache_req_search_done] (0x0400): [CID#32926] CR #294846: Returning updated object [GID:650612@default] (2024-01-21 16:32:33): [nss] [cache_req_create_and_add_result] (0x0400): [CID#32926] CR #294846: Found 1 entries in domain default (2024-01-21 16:32:33): [nss] [cache_req_done] (0x0400): [CID#32926] CR #294846: Finished: Success (2024-01-21 16:32:33): [nss] [sss_ncache_check_str] (0x2000): [CID#32926] Checking negative cache for [NCE/USER/default/user1@default] (2024-01-21 16:32:33): [nss] [sss_domain_get_state] (0x1000): [CID#32926] Domain default is Active (2024-01-21 16:32:33): [nss] [sss_ncache_check_str] (0x2000): [CID#32926] Checking negative cache for [NCE/USER/default/user2@default] The reason I get these two users is because they are direct members of the group: prod-users. I'm missing a user3, which is member of a group "devs", which is again member of prod-user: IPA groups: prod-users: users: member: user1 member: user2 groups: member: devs devs: users: member: user3 > Then `sssctl analyze --logdir . request list` - it will list 'id' - > it will list something like "... [uid 0] CID #1: id" > And `sssctl analyze --logdir . request show --merge 1` (where 1 is > from CID #1) will show all log messages related to this lookup. sssctl analyze didn't give anything that seemed interesting. I just don't understand what I'm missing and why sssd is not able to fetch it like nss-pam-ldapd. -- _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue