sssd realmd Active Directory client degrades over time


Post by ronnie9ball » 2020/02/12 18:25:15

I have CentOS 7 clients attached to Windows 2016 Active Directory domain controllers. Everything works great after joining the domain. I used the Red Hat Windows Domain Integration guide to get this going.

Several weeks later, I have a user that reports he can no longer log in to some of the computers across the network. I run:

    # id user.name

on all of the computers in my network. About half return:

    id: user.name: no such user

Yesterday, I receive a new user. I add her to AD Users and Computers. Usually we have to wait about 5 minutes for the user add to complete. Then the user can log in. She couldn't log in to the machine until I re-joined her computer to the domain. Only 3 of 51 computers can id the user.

I have tried:
- Rebooting the client.
- Manually restarting sssd service on the client.

I cannot get the client to work again until:

    # realm leave
    # realm join -U my.admin.account my.domain.com
    # reboot

Does anyone have experience fixing this issue?

Re: sssd realmd Active Directory client degrades over time

Post by ronnie9ball » 2020/02/13 17:55:42

Though my DNS servers (which are both of my domain controllers) are reporting that DNS is working great, my Linux computers are not resolving DNS without delays.

Since I wasn't sure I was creating the "A" record correctly, I tried to get Linux to update the DNS servers automatically by adding the line:

    dyndns_update = True

to /etc/sssd/sssd.conf

That didn't work. By the man pages, this setting is default. And, Linux cannot update Windows DNS servers. I see conflicting information online about this. Either way, it isn't working for me. Might be chasing my tail. I mean, how hard is it to add an "A" record? I was hoping that the automatic option would show me if the record would be created with a different option.

Question now is: Can flaky DNS cause the issue I am seeing with my clients dropping domain users until the client is removed and re-added to the domain?
