On Thu, Jan 28, 2016 at 03:36:04PM +0100, Jakub Hrozek wrote:
> On Thu, Jan 28, 2016 at 02:39:47PM +0100, Rob Verduijn wrote:
> > hmmm
> > It suddenly started to work.....weird.
> >
> > On both servers I changed dns_lookup_realm = true (was false)
> > stopped sssd and cleared the sssd cache
> > rm /var/lib/sss/db/*
> > started sssd and it works now
>
> it's hard to tell w/o logs but the sssd re-fetches the keytab it uses to
> establish the connection to the AD DCs on sssd restart (we implemented
> this precisely so that admins have a known point -- sssd restart) when
> things go wrong. Maybe sssd just picked the trust keytab only after

oops, sorry, wrong parens. sssd always re-fetches the keytab from the IPA
master it's running on, not only when things go wrong. The sssd restart
is just a way for the admin to trigger this.

> restart, not sure..

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
