-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/20/2013 09:08 AM, Jakub Hrozek wrote:
On Fri, May 17, 2013 at 09:09:17PM +0000, John Bossert wrote:
> Am fighting a battle with sssd/ldap and udev (RHEL6/Centos6).
>
> I have a udev rule that sets disk ownership to oracle/asmadmin at
> boot. The user oracle and group asmadmin are registered in
> ldap.
>
> Other (udev) forums suggest that udev is executing before
> networking is enabled, ergo ldap is unreachable and the disks
> remain owned by root/root. Hmmm, could sssd caching be a
> solution?
>
Yes, it should.
> Following the various tutorials, I've enabled sssd, with
> "cache_credentials = TRUE" in sssd.conf, but I'm still seeing the
> same results. Either sssd caching isn't happening, or udev isn't
> making use of it.
>
cache_credentials only caches salted password hashes (which is off
by default). Identity lookups are always cached and if there was at
least one lookup prior to requesting the data offline, it should
work even before network is up.
There might potentially be a race-condition where SSSD is reporting as
started before the back-ends are responding, depending on which
version of SSSD he's running. I think we fixed that in RHEL 6.3.
> # getent --service=sss passwd oracle oracle:*:550:400:Oracle
> User:/home/oracle:/bin/bash
>
This seems strange to me, earlier you said that both oracle user
and asmadmin group are in LDAP, yet you are able to resolve a the
oracle user from passwd?
You misread this one. Reordering the arguments for clarity:
getent passwd -s sss oracle
> # getent --service=sss group asmadmin asmadmin:*:403:oracle
>
> Any guidance, either to solve the problem else to obtain some
> useful diagnostics?
>
I'm not quite certain what the problem is, can you describe it in
more detail? Does udev not start?
> John
_______________________________________________ sssd-users mailing
list sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlGaKCAACgkQeiVVYja6o6NbwQCeIurfb43Q+DTX6YtuI632sPMc
CP0An2ltLWBY5VZOD4NXq10HNjJQIQ/1
=DCFX
-----END PGP SIGNATURE-----