Symptom & Impact
Domain users cannot log in even with correct credentials; `getent passwd` for a domain user returns nothing.
Environment & Reproduction
Common after SSSD upgrade, abrupt power loss, or moving between LDAP backends.
Root Cause Analysis
LDB cache files in `/var/lib/sss/db` are corrupted or out of sync with the directory server.
Quick Triage
Run `sssctl domain-list` and review the logs under `/var/log/sssd/`.
Step-by-Step Diagnosis
Temporarily raise `debug_level` to 9, then inspect the SSSD logs for `ldb_modify failed`.

Solution – Primary Fix
Stop sssd, remove `/var/lib/sss/db/*` and `/var/lib/sss/mc/*`, and restart sssd.
Solution – Alternative Approaches
Reset sssd config to defaults and rejoin the realm via `realm join`.
Verification & Acceptance Criteria
User lookups, group membership, and SSH logins work for domain users.
Rollback Plan
Restore SSSD cache backups if they exist and config rollback is required.
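The primary fix, the acceptance check and the rollback above, combined into one script. This is an added example, not part of the original article; it assumes systemd manages sssd, and the backup location `/root/sssd-cache-backup` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.
# Cache paths are the ones the article names; BACKUP_ROOT is a hypothetical location.
SSS_DB="${SSS_DB:-/var/lib/sss/db}"
SSS_MC="${SSS_MC:-/var/lib/sss/mc}"
BACKUP_ROOT="${BACKUP_ROOT:-/root/sssd-cache-backup}"   # hypothetical, root-only
SVC="${SVC:-systemctl}"   # assumes systemd; overridable for a dry run

# Archive both cache directories, then empty them. Prints the backup directory.
backup_and_clear_cache() (
    umask 077   # the cache can hold cached credential hashes: keep copies root-only
    dest="$BACKUP_ROOT/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" || exit 1
    tar -C "$SSS_DB" -cf "$dest/db.tar" . || exit 1
    tar -C "$SSS_MC" -cf "$dest/mc.tar" . || exit 1
    rm -f -- "$SSS_DB"/* "$SSS_MC"/* || exit 1
    printf '%s\n' "$dest"
)

# Primary fix: stop sssd, back up and clear the cache, start sssd again.
reset_sssd_cache() {
    $SVC stop sssd >&2 || return 1
    rc=0; backup_and_clear_cache || rc=1
    $SVC start sssd >&2 || return 1   # restart even if the backup step failed
    return "$rc"
}

# Rollback: put a saved cache back. $1 = directory printed by reset_sssd_cache.
restore_sssd_cache() {
    [ -f "$1/db.tar" ] && [ -f "$1/mc.tar" ] || return 1
    $SVC stop sssd >&2 || return 1
    rm -f -- "$SSS_DB"/* "$SSS_MC"/*
    rc=0; { tar -C "$SSS_DB" -xpf "$1/db.tar" && tar -C "$SSS_MC" -xpf "$1/mc.tar"; } || rc=1
    $SVC start sssd >&2 || return 1
    return "$rc"
}

# Acceptance check from the article: the lookup must return an entry.
# $1 = a domain user name chosen by the operator.
verify_lookup() {
    getent passwd "$1" >/dev/null
}

# Run as root: sh sssd-cache-reset.sh --run <domain-user>
if [ "${1:-}" = "--run" ] && [ -n "${2:-}" ]; then
    dest=$(reset_sssd_cache) || { echo "cache reset failed" >&2; exit 1; }
    echo "old cache saved in $dest"
    verify_lookup "$2" || { echo "lookup for $2 still fails" >&2; exit 1; }
fi
```

Clearing the cache also discards cached credentials, so offline logins are unavailable until each user has authenticated against the directory again.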
Prevention & Hardening
Automate SSSD configuration via Salt and monitor cache health.
Related Errors & Cross-Refs
Pairs with `[sssd[be]] backend is offline` repeated messages.