> Alexey,
> Thank you for the effort thus far and the feedback, but I'd like to offer a
> few points.
>
> - As referenced, these systems are ephemeral, so joining them to AD to use
> the AD provider isn't sustainable.

Out of curiosity: did you consider a pool of pre-enrolled hosts whose identity (host principal key) ephemeral systems could assume?

> What is different is these OS instances are Rocky 9.5 Linux containers
> deployed as stateless systems.
> So, given that my question becomes what is different? Is there something the
> daemon is missing in a stateless configuration?

Required domain information (SID/name) is cached. I bet if you "stop sssd; rm -rf /var/lib/sss/db/*; start sssd" on a "stateful" system you will face the same issue.

> I'll test with the recommendations given and perhaps the results may provide
> additional breadcrumbs.

Keep in mind that those settings should be consistent over the entire fleet of client hosts. Otherwise you'll end up with a different ID for a given SID on different hosts.

Another workaround could be to forcefully trigger 'getent -s sss passwd name' at node startup.

--
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
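The warning above about keeping id-mapping settings consistent across the fleet, illustrated with an added example that is not from this thread or from the sssd project: a simplified Python model of sssd's algorithmic SID-to-UID mapping. It assumes sssd's documented scheme (MurmurHash3 of the domain SID with seed 0xdeadbeef selects a slice of `ldap_idmap_range_size` within `ldap_idmap_range_min`..`ldap_idmap_range_max`, and the RID is added to the slice base) and omits collision handling; the SID used is constructed.

```python
# Added illustration (not from the thread): simplified model of sssd's algorithmic
# ID mapping (assumed: slice = murmurhash3(domain SID, seed 0xdeadbeef) % max_slices,
# uid = range_min + slice*range_size + RID; collision handling omitted).
MASK = 0xFFFFFFFF

def murmurhash3_32(data: bytes, seed: int) -> int:
    """MurmurHash3 x86_32, the hash sssd uses to pick a domain's slice."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h = seed & MASK
    nblocks = len(data) // 4
    for i in range(nblocks):                      # 4-byte little-endian blocks
        k = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k = (k * c1) & MASK
        k = ((k << 15) | (k >> 17)) & MASK        # rotl32(k, 15)
        k = (k * c2) & MASK
        h ^= k
        h = ((h << 13) | (h >> 19)) & MASK        # rotl32(h, 13)
        h = (h * 5 + 0xE6546B64) & MASK
    tail = data[4 * nblocks:]                     # remaining 0..3 bytes
    k = 0
    if len(tail) == 3:
        k ^= tail[2] << 16
    if len(tail) >= 2:
        k ^= tail[1] << 8
    if tail:
        k ^= tail[0]
        k = (k * c1) & MASK
        k = ((k << 15) | (k >> 17)) & MASK
        k = (k * c2) & MASK
        h ^= k
    h ^= len(data)                                # fmix32 finalisation
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & MASK
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK
    h ^= h >> 16
    return h

def sid_to_uid(sid: str, range_min: int = 200000, range_max: int = 2000200000,
               range_size: int = 200000) -> int:
    """Map an object SID to a UID under the given ldap_idmap_range_* settings."""
    domain_sid, rid = sid.rsplit("-", 1)         # split off the RID
    rid = int(rid)
    if rid >= range_size:
        raise ValueError("RID exceeds range_size; sssd would need a secondary slice")
    max_slices = (range_max - range_min) // range_size
    slice_no = murmurhash3_32(domain_sid.encode(), 0xDEADBEEF) % max_slices
    return range_min + slice_no * range_size + rid

EXAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"   # constructed sample
```

Calling `sid_to_uid(EXAMPLE_SID)` with the defaults and again with `range_min=100000` returns two different UIDs for the same SID, which is exactly the fleet inconsistency the reply warns about.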