SSSD: Difference between revisions

Line 1: Line 1:
== Realm Details ==
sudo realm list
Example:
<pre>
$ sudo realm list
ad.example.com
  type: kerberos
  realm-name: AD.EXAMPLE.COM
  domain-name: ad.example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %U@ad.example.com
  login-policy: allow-realm-logins
</pre>
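Review bot: the added command line `sudo realm list` directly under `== Realm Details ==` is flush-left plain text, while the commands under `== Restart Service ==` are space-indented. Indent it the same way for consistency, or drop it, since the `<pre>` example already opens with `$ sudo realm list`.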
== Restart Service ==
== Restart Service ==


  systemctl restart sssd
  sudo systemctl restart sssd


  systemctl stop sssd ; sleep 3 ; systemctl start sssd
  sudo systemctl stop sssd ; sleep 3 ; sudo systemctl start sssd


  systemctl status sssd
  sudo systemctl status sssd


== Clear Cache ==
== Clear Cache ==

Revision as of 18:40, 30 November 2024

Realm Details

sudo realm list

Example:

$ sudo realm list
ad.example.com
  type: kerberos
  realm-name: AD.EXAMPLE.COM
  domain-name: ad.example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %U@ad.example.com
  login-policy: allow-realm-logins

Restart Service

sudo systemctl restart sssd
sudo systemctl stop sssd ; sleep 3 ; sudo systemctl start sssd
sudo systemctl status sssd

Clear Cache

sss_cache invalidates records in the SSSD cache. Invalidated records are reloaded from the server as soon as the related SSSD backend is online. Options that invalidate a single object accept only a single argument.

Clear cache:

# -E means everything
sss_cache -E

Issues

Dynamic DNS update failed

Logs report:

[ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158240]: Dynamic DNS update failed

Cause:

  • You do not have AD permission to do Dynamic DNS updates

Solution:

  • Disable AD Dynamic DNS updates (or get permissions)

/etc/sssd/sssd.conf

[domain/DOMAIN_SECTION]
# dyndns_update = True
dyndns_update = False
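
A way to check which domain sections still attempt dynamic DNS updates and whether the log shows the failure above. This is an added example, not part of the original page; the function names, file contents and the "unset" label are assumptions made for illustration, and the sample input is constructed.

```bash
#!/usr/bin/env bash
# Added example: audit dyndns_update per [domain/...] section of an
# sssd.conf-style file and count the dynamic DNS failures in a log.

dyndns_status() {
    # $1: path to an sssd.conf-style file; prints "<domain>=<value>" per section.
    # "unset" means the key is absent, so the provider default applies.
    awk '
        function emit() { if (dom != "") print dom "=" (val == "" ? "unset" : val) }
        /^[ \t]*[#;]/ { next }                    # commented lines have no effect
        /^[ \t]*\[/ {                             # a new section starts
            emit(); dom = ""; val = ""
            if ($0 ~ /^[ \t]*\[domain\//) {
                dom = $0
                sub(/^[ \t]*\[domain\//, "", dom)
                sub(/\].*$/, "", dom)
            }
            next
        }
        dom != "" && /^[ \t]*dyndns_update[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            val = tolower($0)   # assumption here: a later assignment replaces an earlier one
        }
        END { emit() }
    ' "$1"
}

dyndns_failures() {
    # $1: path to an SSSD domain log; prints the number of failed updates.
    grep -c 'ad_dyndns_sdap_update_done.*Dynamic DNS update failed' "$1" || true
}

# Constructed sample input (not taken from a real host).
conf=$(mktemp); log=$(mktemp)
cat > "$conf" <<'EOF'
[domain/ad.example.com]
# dyndns_update = True
dyndns_update = False

[domain/lab.example.com]
id_provider = ad
EOF
cat > "$log" <<'EOF'
[ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158240]: Dynamic DNS update failed
EOF
dyndns_status "$conf"      # one line per domain section
dyndns_failures "$log"     # number of matching log lines
rm -f "$conf" "$log"
```

A domain reported as unset has no explicit dyndns_update line, so it needs one if updates are to be disabled there.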