sssd launched before raising network

Bug #1627469 reported by Karavansky Oleg
This bug affects 1 person

Affects: sssd (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

Ubuntu 16.04 /64
sssd is launched before the network is raised, and because of this it does not see the domain controller. The line "After=network-online.service" should be added to /lib/systemd/system/sssd.service.

affects: ubuntu → sssd (Ubuntu)
Timo Aaltonen (tjaalton) wrote :

Wouldn't that break offline caching?

Karavansky Oleg (sandman1970) wrote :

Sorry, not "After=network-online.service" but "After=network-online.target" (it also works with network.target).
With the network physically disconnected, the password is accepted (and hence the local cache is not broken?)

Jakub Hrozek (jakub-hrozek) wrote :

I'm not sure I agree with the suggestion. Please note I agree with the use-case, I'm just not sure if this is the right way of fixing the problems.

Check out https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

I agree with the reasoning in the article and I think it would make more sense to improve SSSD to detect that networking had changed to switch from offline to online state. We already have code that resets the offline status if libnl tells us so. Maybe we should also add similar hooks for D-Bus API of networkd and NetworkManager?

It would be nice to enable SSSD debugging and attach logs that reproduce the problem to this bug report, then we could take a look why the libnl detection failed.

Karavansky Oleg (sandman1970) wrote :

I deleted the sssd cache, set the sssd debug level to 6, and rebooted the computer. Login as a domain user (user cheos) failed; login as a local user (sandman) succeeded. The sssd log is attached.

Jakub Hrozek (jakub-hrozek) wrote :

Sorry, but in this case, we actually need the logs from the [sssd] section (since the main sssd process is what dispatches both the libnl notifications and notifications from the resolv.conf inotify task).

It would also be nice to look into the journal to see when exactly the network comes up.

btw looks like you're hitting a known bug where the keytab renewal task is executed even when adcli is not installed which leaks a fd. So either please install adcli or disable the renewal task.
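
The journal check requested in the comment above can be done mechanically by comparing where sssd's first start message and the network-online target appear in the boot journal. This is an added example, not code from the thread or from SSSD; the function name is hypothetical, the matched message texts assume the unit descriptions "System Security Services Daemon" and "Network is Online", and the sample journal lines are constructed.

```shell
#!/bin/sh
# Added example (not from the bug thread). Reads boot journal text on stdin and
# reports whether sssd was started before network-online.target was reached.
# Real use:  journalctl -b -o short-iso --no-pager | sssd_boot_order
# Ordering is taken from line position (the journal is chronological), so two
# events logged within the same second are still ordered correctly.
sssd_boot_order() {
    awk '
        # First start message for sssd in this boot (assumed unit description).
        /Start(ing|ed) System Security Services Daemon/ && !sl { sl = NR; st = $1 }
        # First time network-online.target was reached (assumed description).
        /Reached target Network is Online/ && !nl { nl = NR; nt = $1 }
        END {
            if (!sl)          print "sssd-not-started"
            else if (!nl)     print "network-never-online sssd=" st
            else if (sl < nl) print "sssd-before-network sssd=" st " network=" nt
            else              print "sssd-after-network sssd=" st " network=" nt
        }'
}

# Constructed sample journal lines (short-iso format); not taken from the report.
SAMPLE='2016-09-26T10:15:01+0300 host1 systemd[1]: Starting System Security Services Daemon...
2016-09-26T10:15:03+0300 host1 systemd[1]: Started System Security Services Daemon.
2016-09-26T10:15:09+0300 host1 systemd[1]: Reached target Network is Online.'

printf '%s\n' "$SAMPLE" | sssd_boot_order
```

A result of `sssd-before-network` matches the start-up ordering the reporter describes; `network-never-online` means the target was not reached during that boot, so the comparison cannot be made.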

Karavansky Oleg (sandman1970) wrote :

>>So either please install adcli

Hmm, I used msktutil instead of adcli to join the domain. Would simply installing adcli help? (Tomorrow I will do a clean install with msktutil and post the logs.)

Jakub Hrozek (jakub-hrozek) wrote :

Yes, the bug was that we try to run adcli even if it's not there, which triggers another bug where we leak file descriptors if we fail to run adcli.

Both were fixed upstream, I'm not sure if Ubuntu already picked up those patches. (Upstream tickets 3006 and 3017, btw.)

Karavansky Oleg (sandman1970) wrote :

Yes, I did a clean install of Ubuntu 16.04 x64 (plus installed adcli), and everything seems to be working properly: login is normal, with no delays. Incidentally, I did not notice this on x32 Ubuntu; at least login goes without problems there. You can probably close the ticket? Thank you!

Christian Ehrhardt (paelzer) wrote :

Per former comment setting to incomplete.
That way anyone still needing to participate can do so, but otherwise it will expire in 60 days.

Changed in sssd (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for sssd (Ubuntu) because there has been no activity for 60 days.]

Changed in sssd (Ubuntu):
status: Incomplete → Expired