[Pkg-sssd-devel] Bug#888207: Bug Resolution
Geoff Goehle
goehle at gmail.com
Wed Jan 24 16:00:31 UTC 2018
After talking to people on the sssd mailing list the solution was to
add "enable_files_domain = false" into the [sssd] section. This
wasn't necessary in sssd 1.16.0-1 but became necessary once we
upgraded to 1.16.0-2. Its not clear to me what happened with that
upgrade and if it was just a particular interaction with my setup or
a more general change. The root cause seems to be, quoting
Jakub Hrozek from the mailing list:
SSSD has a feature which mirrors the local /etc/passwd and /etc/group
files for faster lookups of local users without having to enable nscd
which is tricky to operate together with sssd, especially if you run
sssd for a remote domain, too:
https://fedoraproject.org/wiki/Changes/SSSDCacheForLocalUsers
The files domain is currently identity-only and no authentication is
performed. That, together with the duplicate users and the files domain
running by default has been causing the failures for you..
They recommended changing the nsswitch.conf order. I don't know if this
still qualifies as a bug and will let someone else decide how to mark things.
More information about the Pkg-sssd-devel
mailing list