13.2.30. Using NSCD with SSSD
SSSD is not designed to be used with the NSCD daemon. Even though SSSD does not directly conflict with NSCD, using both services can result in unexpected behavior, especially with how long entries are cached.
The most common evidence of a problem is conflicts with NFS. When using Network Manager to manage network connections, it may take several minutes for the network interface to come up. During this time, various services attempt to start. If these services start before the network is up and the DNS servers are available, these services fail to identify the forward or reverse DNS entries they need. These services will read an incorrect or possibly empty
resolv.conf
file. This file is typically only read once, and so any changes made to this file are not automatically applied. This can cause NFS locking to fail on the machine where the NSCD service is running, unless that service is manually restarted.
To avoid this problem, enable caching for hosts and services in the
/etc/nscd.conf
file and rely on the SSSD cache for the passwd
, group
, and netgroup
entries.
Change the
/etc/nscd.conf
file:
enable-cache hosts yes enable-cache passwd no enable-cache group no enable-cache netgroup no
With NSCD answering hosts requests, these entries will be cached by NSCD and returned by NSCD during the boot process. All other entries are handled by SSSD.