On Thu, Feb 28, 2019 at 12:29:30AM -0000, Ian Puleston wrote:
"SunnyvaleSite" is correct, and adding that as ad_site is what fixed (or worked-around) the problem.
What do you mean by "did not try to use that when it could not look it up while online"?
When I was online (without ad_site in sssd.conf) the log showed the "Could not autodiscover AD site" messages above, and there, or just after it, the attempt ended.
When I was offline then it showed the "Looking up domain controllers in domain sv.us.sonicwall.com and site "SunnyvaleSite" (with that DNS lookup failing since I was offline) before it logged me in with the cached info.
So somehow it knew the site name without being able to look it up online.
IIRC the way the code works is that it always goes through the site discovery branch (because the site discovery request also discovers the forest name) and then just throws away the site override if there's an ad_site explicitly defined.