Wednesday, May 15, 2013

How to flush nscd cache in Linux

After adding a user to a new group in LDAP, I noticed that the change had been picked up on almost all hosts except one. At first I thought the LDAP configuration on that host might be broken, but everything else was working fine except for that one user showing invalid group membership.
Uncle Google told me to restart the nscd service - it didn't help.
However, stopping the nscd daemon completely seemed to fix the issue: when I checked the user again (groups user or id user), it showed the correct, updated group membership.
The nscd manual describes a valuable option which helped me resolve this issue. You need to use -i (invalidate) and provide the name of the cached table to get it updated.
After running:
nscd -i group
the caching daemon started responding with up-to-date data.

In a similar way, you can invalidate the hosts cache so that old DNS responses are not kept:
nscd -i hosts

Btw: if you are interested, you can check what's in the current nscd database in the /var/db/nscd folder. The tables stored in that folder are in a binary format, so consider running strings on each table you want to review.
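
Added example, not part of the original post: nscd.conf has a "persistent" option that keeps a table's cache file across daemon restarts, which is one situation where a restart leaves stale entries in place and nscd -i is needed. The function below lists the enabled tables configured that way; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# List nscd tables that are cached AND marked persistent, i.e. tables whose
# cached entries are kept when the daemon is restarted.
# Usage: nscd_persistent_tables [config-file]   (default: /etc/nscd.conf)
nscd_persistent_tables() {
    _nscd_conf="${1:-/etc/nscd.conf}"
    awk '
        NF == 0 || $1 ~ /^#/          { next }   # skip blanks and comments
        $1 == "enable-cache"          { enabled[$2] = $3 }
        $1 == "persistent"            { persist[$2] = $3 }
        $1 == "positive-time-to-live" { ttl[$2] = $3 }
        END {
            for (t in persist)
                if (persist[t] == "yes" && enabled[t] == "yes")
                    printf "%s ttl=%s\n", t, ((t in ttl) ? ttl[t] : "default")
        }
    ' "$_nscd_conf" | sort
}

# Write a constructed sample configuration (not taken from any real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample in nscd.conf syntax
enable-cache            passwd   yes
positive-time-to-live   passwd   600
persistent              passwd   yes
enable-cache            group    yes
positive-time-to-live   group    3600
persistent              group    yes
enable-cache            hosts    yes
positive-time-to-live   hosts    3600
persistent              hosts    no
enable-cache            services no
persistent              services yes
EOF
}

# Demo on the constructed sample; on a real host call the function with no
# argument and run "nscd -i <table>" for each table it prints.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
nscd_persistent_tables "$demo_conf"
rm -f "$demo_conf"
```

For group membership changes that revoke access, the positive time-to-live shown for the group table is the longest a removed membership can keep being served from cache unless the table is invalidated.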

4 comments:

  1. Thanks so much! I ran into an issue where only one account did not have up-to-date group information after I made a correction to my LDAP configuration. As you experienced, restarting nscd did not help, but this did.

  2. There could be times when nscd isn't running and you still have the same issue. The solution is to clear the SSSD cache. Below is the command:
    sss_cache -U -G -N

  3. Thanks mate, this is what I was looking for.
