There are settings in the sssd.conf file that aren't in the ldbsearch output, or that have the wrong values in the output:
[root@host ~]# cat /etc/sssd/sssd.conf
[domain/domain.com]
access_provider = simple
ad_domain = domain.com
ad_hostname = host.domain.com
cache_credentials = true
debug_level = 6
default_shell = /bin/bash
dyndns_update = false
fallback_homedir = /home/%u
id_provider = ad
krb5_realm = DOMAIN.COM
krb5_store_password_if_offline = true
ldap_id_mapping = true
realmd_tags = manages-system joined-with-adcli
simple_allow_groups = Group1
use_fully_qualified_names = false
[sssd]
config_file_version = 2
domains = domain.com
override_space = _
services = nss,pam
[root@host ~]# ldbsearch -H /var/lib/sss/db/config.ldb
server_sort:Unable to register control with rootdse!
# record 1
dn: cn=sssd,cn=config
cn: sssd
config_file_version: 2
domains: domain.com
services: nss, pam
distinguishedName: cn=sssd,cn=config
# record 2
dn: cn=config
version: 2
lastUpdate: 1459260529
Are you really sure that sssd was restarted after changing sssd.conf?
The attribute lastUpdate says that sssd.conf was changed at
"Tuesday, 29-Mar-16 14:08:49 UTC".
Your timezone seems to be -4:00 according to the mail header.
But in your previous mail, the configuration file was changed
earlier (13:29:58 UTC):
Mar 29 09:29:58 localhost puppet-agent[2865]: (Class[Realmd::Sssd::Service]) Scheduling refresh of Service[sssd]
Mar 29 09:29:58 localhost systemd: Stopping System Security Services Daemon...
Mar 29 09:29:58 localhost sssd[nss]: Shutting down
Mar 29 09:29:58 localhost sssd[be[domain.com]]: Shutting down
Mar 29 09:29:58 localhost sssd[pam]: Shutting down
Mar 29 09:29:58 localhost systemd: Starting System Security Services Daemon...
Mar 29 09:29:58 localhost sssd: Starting up
Mar 29 09:29:58 localhost sssd[be[domain.com]]: Starting up
Mar 29 09:29:59 localhost sssd[nss]: Starting up
Mar 29 09:29:59 localhost sssd[pam]: Starting up
Mar 29 09:29:59 localhost systemd: Started System Security Services Daemon.
Is it possible that sssd.conf was changed more than once, with different versions?
LS