[Freeipa-users] Re: cache invalidation dilema on the clients
Hi,
Hi,
On Fri, Jun 25, 2021 at 5:27 PM iulian roman via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
There are cases where you need to run "sss_cache -E" on the server as
well. That might be it.
I run it as well on both IPA servers , restarted sssd, sss_cache -u , etc.
This could be a timeout. The client requests the information from the
server which does not reply within the timeout value.
It can be, but what are the values/variables which need to be adjusted ?
Since there is no entry in the SSSD cache, the only possible outcome
is "no user found".
Set SSSD in debug mode, level 9:
https://docs.pagure.org/sssd.sssd/users/troubleshooting.html
on both IDM server and IDM client, restart sssd on both and you will
see what happens more clearly.
I enabled for domain, nss, ssd on both ipa client
and servers and tried to connect the dots. It seems to be related to that private group (I
opened a new thread for that issue)
> You might want to adjust timeouts so that this does not happen, but do
> not set them too high either.
>
>
> From the man page, this should help: sss_cache -u <user>
>
> HTH
> François