It's worth noting that, in difference to the bug report: 1. We aren't making changes to the overrides. The overrides exist, they just aren't propagating evenly or consistently. 2. We are seeing these errors in the various logs:
sssd_DOMAIN.log:(Wed May 18 09:00:01 2016) [sssd[be[DOMAIN]]] [sysdb_delete_group] (0x0400): Error: 2 (No such file or directory) sssd_DOMAIN.log:(Wed May 18 09:00:01 2016) [sssd[be[DOMAIN]]] [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory) krb5_child.log:(Wed May 18 09:12:30 2016) [[sssd[krb5_child[8929]]]] [k5c_send_data] (0x0200): Received error code 0 krb5_child.log:(Wed May 18 09:12:30 2016) [[sssd[krb5_child[8931]]]] [k5c_send_data] (0x0200): Received error code 1432158214 sssd_nss.log:Error: 3, 0, Account info lookup failed sssd_nss.log:(Wed May 18 09:01:04 2016) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 22 error message: Account info lookup failed sssd_nss.log:Error: 3, 22, Account info lookup failed sssd_nss.log:(Wed May 18 09:01:04 2016) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 0 error message: Account info lookup failed cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 18 May 2016 at 08:35, Lachlan Musicman <data...@gmail.com> wrote: > Hmmm, I also now see > > https://fedorahosted.org/sssd/ticket/2642 > and > https://bugzilla.redhat.com/show_bug.cgi?id=1217127 > > Versions being run: > > sssd-client-1.13.0-40.el7_2.4.x86_64 > sssd-ad-1.13.0-40.el7_2.4.x86_64 > sssd-proxy-1.13.0-40.el7_2.4.x86_64 > sssd-1.13.0-40.el7_2.4.x86_64 > sssd-common-1.13.0-40.el7_2.4.x86_64 > sssd-common-pac-1.13.0-40.el7_2.4.x86_64 > sssd-ipa-1.13.0-40.el7_2.4.x86_64 > sssd-ldap-1.13.0-40.el7_2.4.x86_64 > python-sssdconfig-1.13.0-40.el7_2.4.noarch > sssd-krb5-common-1.13.0-40.el7_2.4.x86_64 > sssd-krb5-1.13.0-40.el7_2.4.x86_64 > > ipa-server-trust-ad-4.2.0-15.0.1.el7.centos.6.1.x86_64 > > > ------ > The most dangerous phrase in the language is, "We've always done it this > way." > > - Grace Hopper > > On 17 May 2016 at 22:34, Jakub Hrozek <jhro...@redhat.com> wrote: > >> On Tue, May 17, 2016 at 03:08:37PM +1000, Lachlan Musicman wrote: >> > FWIW, >> > >> > We are seeing the issues that are described here: >> > >> > >> https://www.redhat.com/archives/freeipa-users/2015-December/msg00046.html >> > >> > I was about to write when I found this, it explains exactly what I am >> > seeing - right down to the "impossible to reproduce because it's so >> > (seemingly) random". >> > >> > >> > I am about to read up on the SSSD trouble shooting in order to up the >> logs >> > &etc, but here is some output I can share - note that this all happened >> in >> > ~5 minutes. As you can see, clearing the cache has various unpredictable >> > effects. Both users should return the same list of groups. This was >> > performed on a FreeIPA client. >> >> There were some bugs related to external groups, what server and client >> packages version are you running? >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project