On (19/05/17 10:37), Joakim Tjernlund wrote: >On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote: >> I can understand the first unlock from waking up from sleep. For the >> second, bump your debug_level in sssd.conf up to 7 and then check to see if >> you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the >> second login attempt from the lock screen. You should be able to see if it >> is using cached creds or actively trying to parse the domain server. >> Can you paste your sssd.conf also? > >I not using a VPN, local ethernet (got wifi too bu in this case eth is >connected) >
And log file says there are problem with resolution of DNS names. e.g. [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc02.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers Therefore sssd works in offline mode and therefore cannot renew a ticket. LS >[sssd] >config_file_version = 2 >domains = infinera.com >services = nss, pam >debug_level = 0xffff > >[nss] >fallback_homedir = /home/%u >default_shell = /bin/bash >debug_level = 0xffff >enum_cache_timeout = 3600 >entry_negative_timeout = 300 > >[pam] >debug_level = 0xffff > >[domain/infinera.com] >#debug_level = 0xffff > >ignore_group_members = false >ldap_id_mapping = false >cache_credentials = true >enumerate = false >ldap_enumeration_refresh_timeout = 1800 >entry_cache_timeout = 3600 >refresh_expired_interval = 2700 > >id_provider = ad >auth_provider = ad >access_provider = permit >chpass_provider = ad > >ad_server = se-dc01.infinera.com,se-dc02.infinera.com >ad_backup_server = sv-dc01.infinera.com,sv-dc02.infinera.com > >dyndns_iface = vpn0, wlan0, eth0 >dyndns_update = true >dyndns_refresh_interval = 600 >dyndns_update_ptr = true >dyndns_ttl = 3600 >case_sensitive = false > >ldap_referrals = false >ldap_sasl_mech = GSSAPI >ldap_schema = rfc2307bis > >ldap_access_order = expire >ldap_account_expire_policy = ad >ldap_force_upper_case_realm = true > >krb5_realm = INFINERA.COM >krb5_canonicalize = true >krb5_store_password_if_offline = true >krb5_use_kdcinfo = False >krb5_renewable_lifetime = 7d >krb5_lifetime = 24h >krb5_renew_interval = 4h > _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org