Hi Tom, Looking in krb5_child.log it does indicate it's attempting to renew TGT. I'm not super familiar with sssd, but am guessing it's hitting an error at this point:
(Thu Aug 26 16:11:40 2021) [[sssd[krb5_child[2891]]]] [sss_child_krb5_trace_cb] (0x4000): [2891] 1629987100.654: Retrieving host/[email protected] from MEMORY:/etc/krb5.keytab (vno 2, enctype aes256-cts) with result: 0/Success (Thu Aug 26 16:11:40 2021) [[sssd[krb5_child[2891]]]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. (Thu Aug 26 16:11:40 2021) [[sssd[krb5_child[2891]]]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [toms\@[email protected]] might not be correct. (Thu Aug 26 16:11:40 2021) [[sssd[krb5_child[2891]]]] [sss_child_krb5_trace_cb] (0x4000): [2891] 1629987100.655: Destroying ccache MEMORY:rd_req2 I notice that sssd.conf isn't specifying auth_provider; perhaps you need to set that? ** Changed in: sssd (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941857 Title: sssd does not renew user TGT even when krb5_renew_internal and _lifetime are set. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1941857/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
