On Fri, Dec 04, 2020 at 02:05:58PM +0100, Natxo Asenjo via FreeIPA-users wrote:
hi,
I found this:
https://access.redhat.com/solutions/2261041
which looks like what I am seeing at my end. In /etc/krb5.conf in
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
dns_canonicalize_hostname = false
ticket_lifetime = 24h
forwardable = true
udp_preference_limit = 0
default_ccache_name = KEYRING:persistent:%{uid}
and if I look at my user object in AD using ldapsearch, I see
primaryGroupID: 513
which looks like the right one for 'Domain Users'.
Hi,
can you send the server logs with debug_level=9 covering
sss_cache -g 'Domain Users@ad.local'
getent group 'Domain Users@ad.local'
getent group 1576200513
the 'sss_cache' command should make sure the cached entry is expired and
has to be refreshed by the backend.
bye,
Sumit
On Fri, Dec 4, 2020 at 12:42 PM Natxo Asenjo <natxo.asenjo(a)gmail.com> wrote:
>
> hi,
>
> let's see:
>
> server:
> ~]$ getent group 'Domain Users@ad.local'
> domain users@ad.local:*:1576200513:userx@ad.local
> ~]$ getent group 1576200513
> domain users@ad.local:*:1576200513:userx@ad.local
>
> I tried before and the list came back empty (no users, but gid could be
> resolved though), now one user (there are at least a few hundreds).
>
>
> idm client:
> $ getent group 'Domain Users@ad.local'
> $ getent group 1576200513
>
> So the client gets nothing back indeed. After logging in, I get an error
> in the shell: "/usr/bin/id: cannot find name for group ID 1576200513", so
> this seems related (was already wondering about this too).
>
> and in the attachment the sssd_domain log file.
>
> Thanks!
>
> --
> regards,
> Natxo
>
--
--
Groeten,
natxo