Problem
We experienced issues with Windows login for staff users at a school. The UCR variable ucsschool/ldap/replicate_staff_to_edu was already set to true, so this wasn’t the root cause.
Investigation
To diagnose the issue, we checked whether the user information is correctly retrieved from the system sources. If getent passwd <staff_user> does not return expected results, it suggests that the system is not retrieving user data correctly, possibly due to caching issues.
Solution
We resolved the issue by refreshing the Name Service Cache Daemon (nscd). The following commands were executed:
nscd -i passwd && systemctl restart nscd
Explanation
This cleared the cache and ensured that the next query retrieves fresh data from the actual sources (e.g., /etc/passwd or LDAP). When user information changes (e.g., due to modifications in /etc/passwd or LDAP synchronization), stale or outdated data in the nscd cache can cause login failures.