“cannot find name for group ID 20103039 ” Linux login Error
Here we are going to discuss about the login error where LDAP authentication set up through the company Active Directory server. After logging in to our server with LDAP user id and password ,sometimes we may get an error like ” cannot find name for group ID 20103039″
What is SSSD Cache
SSSD caches the results of users and credentials from these remote locations so that if the identity provider goes offline, the user credentials are still available and users can still login. This helps to improve performance and facilitates scalability with a single user that can login over many systems, rather than using local accounts everywhere.
——————- advertisements ——————-
———————————————————
The cached results can potentially be problematic if the stored records become stale and are no longer in sync with the identity provider.Hence clearing the cache files will resolve the issues.
How to clear the Cache
Here we will discuss couple of methods to clear the cache files. 1. sss_cache Tool The cache purge utility, sss_cache invalidates records in the SSSD cache for a user, a domain, or a group. Invalidating the current records forces the cache to retrieve the updated records from the identity provider, so changes can be realized quickly.
# sss_cache -E
2. Deleting Cache Files SSSD stores its cache files in the /var/lib/sss/db/ directory. it is also possible to clear the cache by simply deleting the corresponding cache files.
——————- advertisements ——————-
———————————————————
Before deleting the files , it is important to stop the sssd service .
# systemctl stop sssd
After this remove the cache files as below
# rm -rf /var/lib/sss/db/*
Once removed , start the sssd service back online
# systemctl restart sssd
SSSD should now start up correctly with an empty cache.Any user login will now first go directly to the LDAP for authentication, and then be cached locally afterwards.So the login errors should be cleared . Hope this will help you. Please have your suggestions/feedback in the comments section.