Description of problem: When IPA master is backed up and then restored, authentication does not work until SSSD caches are clear and restarted. Guide should have a note about it. Related freeipa-users thread with more information: https://www.redhat.com/archives/freeipa-users/2015-May/msg00493.html Version-Release number of selected component (if applicable): ipa-client-4.1.0-18.el7_1.3 Document URL: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/restore.html
Jakub, I would welcome your advice what is the recommended procedure for restoring SSSD/clearing the caches causing FAST CCACHE issues in the referred thread. Right now, the user simply used: systemctl stop sssd rm -f /var/lib/sss/db/* systemctl start sssd
Also rm /var/lib/sss/pubconf/* and /var/lib/sss/mc/* You could go as far as: # find /var/lib/sss/ ! -type d | xargs rm -f As everything except the directories can be recreated, but that's probably an overkill.
Published in an asynchronous update.