I'm using sssd in order to work with LDAP users and groups within our Linux environment.

I had to rename the LDAP group of one of my Linux users, and I noticed that after I finished editing the group, when I ran id username on the Linux machine, it kept showing the previous name (before the rename).

I tried rebooting the server, but the cache wasn't cleared and kept showing me the previous group name.

I searched Google and found the following command on Red Hat's official site:

sss_cache -E

This fixed my issue and cleared the sssd cache; the next time I ran id user, the right group name was displayed.

But my questions are:

1. How come a full server reboot didn't clear the cache?
2. How can I make sure the cache gets deleted when the server is rebooted?

Thanks in advance

Itai Ganot

3 Answers

  1. Without a credentials cache, any offline authentication will fail.
  2. Add sss_cache -E to your startup scripts.

If you do wipe the cache on reboot, then until the domain servers can be contacted no users will be able to authenticate to that machine using domain credentials.

Brian

  1. Because the sssd cache is not stored in RAM, it survives reboots.
  2. Do as Brian recommends and add that command to rc.local, for instance.

For more info about the sssd caches read man sssd.conf on your system.

natxo asenjo

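A boot-time script in the spirit of Brian's and natxo asenjo's suggestion, added here as an example (it is not code from either answer): it runs sss_cache -E at startup only when the LDAP server named in sssd.conf is reachable, so the offline-login caveat Brian raises is respected. It assumes /etc/sssd/sssd.conf (override with SSSD_CONF), netcat (nc) for the port check, and uses a constructed config fragment only to exercise the parser.

```shell
#!/bin/sh
# Boot-time sssd cache invalidation that keeps offline logins working:
# run `sss_cache -E` only when the LDAP server named in sssd.conf answers on
# its TCP port; otherwise leave the on-disk cache (/var/lib/sss/db) intact so
# cached credentials still work. Assumes netcat (nc) is installed.

# Constructed sssd.conf fragment for exercising the parser (not a real config).
sample_conf() {
    cat <<'EOF'
[domain/example.com]
id_provider = ldap
# ldap_uri = ldap://old-ldap.example.com
ldap_uri = ldaps://ldap01.example.com:636, ldaps://ldap02.example.com
cache_credentials = true
EOF
}

# Print the first ldap_uri value from a config file (skips commented lines,
# tolerates spaces around '=', takes the first URI of a comma-separated list).
first_ldap_uri() {
    sed -n 's/^[[:space:]]*ldap_uri[[:space:]]*=[[:space:]]*//p' "$1" |
        head -n 1 | tr ',' ' ' | awk '{ print $1 }'
}

# Print "host port" for an ldap:// (default 389) or ldaps:// (default 636) URI.
ldap_host_port() {
    case "$1" in
        ldaps://*) port=636; rest="${1#ldaps://}" ;;
        ldap://*)  port=389; rest="${1#ldap://}" ;;
        *) return 1 ;;
    esac
    rest="${rest%%/*}"                       # drop any trailing /dc=... part
    case "$rest" in *:*) port="${rest##*:}"; rest="${rest%%:*}" ;; esac
    [ -n "$rest" ] && printf '%s %s\n' "$rest" "$port"
}

# Succeeds when a TCP connection to host:port opens within 3 seconds.
ldap_reachable() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

main() {
    hp=$(ldap_host_port "$(first_ldap_uri "${SSSD_CONF:-/etc/sssd/sssd.conf}")") ||
        { echo "no usable ldap_uri found" >&2; exit 1; }
    if ldap_reachable "${hp% *}" "${hp#* }"; then
        sss_cache -E && echo "sssd cache invalidated; ${hp% *} is reachable"
    else
        echo "${hp% *} unreachable; keeping sssd cache for offline logins" >&2
    fi
}
# Only act when invoked as "script.sh run"; sourcing it just defines functions.
[ "${1:-}" = run ] && main
```

Call it with the argument run from rc.local or a oneshot unit ordered before sssd.service, as root, so the cache is refreshed before the first domain login.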
  1. I believe this has been covered by @natxo asenjo.
  2. Consider placing the sssd cache in a tmpfs filesystem - see Mount the cache in tmpfs.
gScott