Immediate clear Active Directory cache in linux server (centos7)

sssd cache needed when linux server has lost contact with Active Directory server, people can still login without it but sometimes we need to clear Active Directory cache for security reason e.g you have to revoke sudo profile out of user as we speak.  

Neither "sss_cache -E"   nor "systemctl stop sssd; rm -rf /var/lib/sss/db/*; systemctl restart sssd" would help us to immediate clear Active Directory cache in linux server when user still login. 


The best way is force down the user session on linux server (kill -9 PID).


Comments

Post a Comment

Popular posts from this blog

OSS RC : learning by doing (new beginning)

CIF Self Management: #/opt/ericsson/nms_cif_sm/bin/smtool [option] [MC] Option [stop|start|online|offline|coldrestart|warmrestart|cancel|config|help|exit] i.e : #./smtool online Activity Manager, #./smtool –list Log : Log [-print] [-type error|event|command|nwstat|security] [-number number] [-host host] [-filter filterfile[:number]] i.e #/opt/ericsson/nms_cif_sm/bin/log –type error –number 10 |more #./log –filter myfilterfile.txt:2 (means: second row of myfilterfile.txt as filter criteria) See errors as they come in, use: #/opt/ericsson/nms_cif_sm/bin/newLogRecordsViewer.sh Openfusion #cd /opt/inprise/openfusion/bin/ Environment file: # ls –la .javaenv Check version: #./version Start manager: #./manager Log is on duty: administrative state is unlocked Log will never become full : wrap Log full: halt (until persistent storage is exhausted) Err&system log: #/opt/inprise/openfusion/domains/OpenFusion/loca...
Read more

How to ensure a new Domain Controller server replicate to others within Active Directory Domain Services (Windows server 2019)

Image
Once you added a new Domain Controller server,  you have to ensure it's been replicated to others to avoid data discrepancy happening.  Check "Replication Topology" & Run "Replicate Now " on each of Domain Controller server. I have two domain controllers: OSW2K19-DC01 and OSW2K19-DC03 that replicate each other, it depends on your Replication Topology anyway.   Open "Active Directory Site and Services" Tools from Server manager on Domain Controller server. I prefer GUI instead of command line to show you, easy & colourful :-D.  Right Click on NTDS Settings, All tasks --> Check Replication Topology on  OSW2K19-DC03 (Newly DC server) : Run "Replicate Now" : Right Click on NTDS Settings,  All Tasks --> Check Replication Topology on OSW2K19-DC01 (old DC server): Right Click on NTDS Settings, All Tasks --> Run "Replicate Now" : Check Replication Status (repadmin /replsummary ) from Powershell : show replication (repadmin ...
Read more

RSYNC via SSH on solaris 10

How to use rsync via ssh on solaris 10: 1. install rsync package on both (server & client) and follow the instruction : # pkgadd -d rsync-2.6.9-sol10-sparc-local (sparc) #pkgadd -d rsync-3.0.7-sol10-x86-local (x86) don't forget to install libcap also if it doesn't exist on servers (#pkginfo |grep -i libcap) : #pkgadd -d libpcap-1.1.1-sol10-sparc-local (sparc) #pkgadd -d libpcap-1.1.1-sol10-x86-local (x86) Voila! you have rsync package installed!: -bash-3.00$ which rsync /usr/local/bin/rsync -bash-3.00$ which ssh/usr/bin/ssh 2. to check whether it is worked using ssh or not : #rsync -avn -e ssh --rsync-path=/usr/local/bin/rsync remoteuser@remotehost:/dirtobecopied/ /localdir/destination 3. to try synchronize the data with option Z (compressed using gzip) : #rsync -avz -e ssh --rsync-path=/usr/local/bin/rsync remoteuser@remotehost:/dirtobecopied/ /localdir/destination 4. to limit transfer speed/bandwidth (e.g 1MBps): #rsync -avz --bwlimit=1024 --rsync-path=/usr/local/bin/rs...
Read more