On 1/21/2025 5:44 PM, James Ralston via sssd-users wrote:
When the issue occurs, neither restarting sssd, nor using "sssctl cache-expire" will make sssd discard its stale group information. The only thing that we have found that will solve the problem is to:1. stop sssd 2. remove all files and directories in /var/lib/sss not contributed by an RPM package 3. restart sssd The problem is that this operation is only safe to do if one can guarantee that the host is online with the AD provider (network is up, any necessary VPNs are active).
You also have to have a root password (bad practice IMO) and know it as sudo will fail most often once the SSSD cache is borked.
I'm sad to say that I've seen this at every client I've had that has used SSSD. I can't recommend SSSD for this reason. It would be great software except for this problem.
-- Chris Paul | Rex Consulting |https://www.rexconsulting.net
-- _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
