On Mon, Sep 18, 2023 at 11:34:28AM -0400, Ranbir via FreeIPA-users wrote:
> Hello Everyone,
> 
> Is there a flag to disable all caching in sssd? I know we shouldn't
> disable the various caches. However, I'm working on isolating a problem
> we're seeing between our firewall and AD.

Hi,

no, caching cannot be disabled completely, especially the cache stored
in the file system.

> 
> The firewall has a plugin that monitors AD for session information.
> When a login occurs, the firewall is supposed to see that and then
> allow the user to log in to hosts inside of a protected network.
> 
> We have a trust between AD and IPA. Logins to the IPA enrolled server
> with an AD account always work. But, quite often login from that host
> to a host inside the protected network fails. When we look on the
> firewall for live sessions, no session info for that user is found.
> Obviously, that's why the firewall blocked access.

How do you try to log in to the host in the protected network, with ssh
or other? What kind of session information is the firewall expecting?

bye,
Sumit

> 
> My hunch is one or more of sssd's caching parameters is/are the source
> of the issue. Thus, I'm wondering if there's a way to quickly disable
> the caching.
> 
> Thanks,
> 
> -- 
> Ranbir
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue