On Sun, 2018-03-11 at 21:38 +0100, Jakub Hrozek wrote:
> > On 9 Mar 2018, at 14:45, Joakim Tjernlund <joakim.tjernl...@infinera.com>
> > wrote:
> >
> > On Fri, 2018-03-09 at 13:28 +0100, Jakub Hrozek wrote:
> > > SSSD 1.16.1
> > > ===========
> > >
> > > The SSSD team is proud to announce the release of version 1.16.1 of the
> > > System Security Services Daemon.
> > >
> > > The tarball can be downloaded from https://releases.pagure.org/SSSD/sssd/
> > >
> > > RPM packages will be made available for Fedora shortly.
> > >
> > > Feedback
> > > --------
> > > Please provide comments, bugs and other feedback
> > > via the sssd-devel or sssd-users mailing lists:
> > > https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
> > > https://lists.fedorahosted.org/mailman/listinfo/sssd-users
> > >
> >
> > Did a quick test here and it seems like enumerate = true is
> > broken. Is it just me or .. ?
>
> I don’t know about any bugs around enumeration in 1.16.1. Maybe you found an
> issue, but it’s hard to say without more context.

OK, thanks. I am a bit pressed for time but I did install 1.16.1 on another
machine as well and now I see a pattern:
I cleared the sss/db and rebooted, logged in and tested again with good old
finger command and it failed, I waited 5-10 mins and finger still failed.
Went on lunch and when I got back finger worked!
It seems that enumerate can take a very long time?

sssd.conf (minor edits):

[sssd]
config_file_version = 2
domains = xxx.com
services = nss, pam
#debug_level = 0x0fff

[nss]
fallback_homedir = /home/%u
default_shell = /bin/bash
#debug_level = 0x0fff
enum_cache_timeout = 3600
entry_negative_timeout = 300

[pam]
#debug_level = 0x0fff

[domain/xxx.com]
#debug_level = 0xffff
timeout = 30
ad_maximum_machine_account_password_age = 0
ignore_group_members = false
ldap_id_mapping = false
cache_credentials = true
enumerate = false
ldap_enumeration_refresh_timeout = 1800
entry_cache_timeout = 3600
refresh_expired_interval = 2700
id_provider = ad
auth_provider = ad
access_provider = permit
chpass_provider = ad
dyndns_update = true
dyndns_refresh_interval = 600
dyndns_update_ptr = true
dyndns_ttl = 3600
case_sensitive = false
ldap_referrals = false
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
krb5_realm = XXXX.COM
krb5_canonicalize = true
krb5_store_password_if_offline = true
krb5_use_kdcinfo = False
krb5_renewable_lifetime = 7d
krb5_lifetime = 24h
krb5_renew_interval = 4h

Jocke