[Freeipa-users] Trusted Domain Users - entry_cache_timeout
Jakub Hrozek
jhrozek at redhat.com
Wed Dec 9 12:08:02 UTC 2015
On Wed, Dec 09, 2015 at 12:58:23PM +0100, Winfried de Heiden wrote:
> Hi all,
>
> Using entry_cache_timeout to set different cache timeout for sssd works
> well. However, it doesn't seem to work for Trusted Domain Users (using AD
> trust)
>
> I made some changes, cleaned the cache but expiry will stay on a (too
> long) 10 (ten!) hours!
>
> How can I change the sssd cache timeout for Trusted AD users ? (using IPA
> 4.1)
>
> Kind regards!
Did you change the expiry on a client only or also on the server?
Keep in mind that for identity lookups, only the IPA masters are
connected to AD, the clients fetch data from IPA masters.
(Authentication, however, is done against AD DCs directly)
Another point to keep in mind is that the cache expiry is stored in the
objects themselves, so you might want to refresh the cache.
More information about the Freeipa-users
mailing list