Built sssd with that patch didn't solve the issue. Getting this error in NSS debug log:
(Fri Oct 14 13:56:38 2016) [sssd[nss]] [nss_memcache_initgr_check] (0x1000): Got request for [user@DOMAIN] (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1a60aa0 (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1a60b60 (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Running timer event 0x1a60aa0 "ltdb_callback" (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1a60b60 "ltdb_timeout" (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x1a60aa0 "ltdb_callback" (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1a53f90 (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1a56d90 (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Running timer event 0x1a53f90 "ltdb_callback" (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1a56d90 "ltdb_timeout" (Fri Oct 14 13:56:38 2016) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x1a53f90 "ltdb_callback" (Fri Oct 14 13:56:38 2016) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x1a53bf0 (Fri Oct 14 13:56:38 2016) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1a520b0 (Fri Oct 14 13:56:38 2016) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Oct 14 13:56:38 2016) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 22 error message: Init group lookup failed (Fri Oct 14 13:56:38 2016) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 22, Init group lookup failed Will try to return what we have in cache (Fri Oct 14 13:56:38 2016) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x4189f0:3:user@DOMAIN] Our sssd.conf: [sssd] config_file_version = 2 services = nss, pam domains = DOMAIN default_domain_suffix = DOMAIN [nss] debug_level = 9 entry_cache_timeout = entry_negative_timeout = 1 filter_users = root, www-data, sshd, zabbix, snmp, mail, postfix, proxy filter_groups = root [pam] debug_level = 9 [domain/DOMAIN] cache_credentials = false id_provider = ldap sudo_provider = ldap ipa_server = ipa.DOMAIN ldap_uri = ldap://ipa.DOMAIN:389 ldap_search_base = dc=domain ldap_group_search_base = cn=groups,cn=compat,dc=domain auth_provider = krb5 chpass_provider = krb5 krb5_kdcip = ipa.DOMAIN krb5_server = ipa.DOMAIN krb5_store_password_if_offline = false krb5_realm = DOMAIN sssd version 1.11.7-3 -- Peter Viskup On Tue, Jan 12, 2016 at 10:35 AM, Peter Viskup <skupko...@gmail.com> wrote: > Severity: important > Tags: fixed-upstream > > Just went trough the source codes and discovered the Debian version is > missing the upstream patch. Probably some other upstream patches are > missing too. > > https://sources.debian.net/src/sssd/1.11.7-3/src/providers/ipa/ipa_opts.h/ > > https://git.fedorahosted.org/cgit/sssd.git/commit/?id= > 3937736546e2a4b7cccc58fded3efdff9ae690fc > > Thank you for dealing with this bug report. > > -- > Peter Viskup >
