On Tue, May 11, 2021 at 03:09:54PM -0000, iulian roman via FreeIPA-users wrote:
Hi,
Can you give some more details about the group, where it comes from, IPA or AD, and the GID: is it the original GID of the group or is it coming from an id-override as well?
Hi,
There is a trust between IPA and AD (non-posix trust). All AD users which have a uidNumber and gidNumber configured in AD have been added to the 'Default Trust View' and have an idoverride configured for them (the uid and gid override is the same as the one in AD). The same AD users which are configured above are also part of IPA posix groups via group membership (e.g. ad_unix_users is a member of the ipa unix_users group) in order to configure sudo rules for them. On the IPA servers and replicas I can query/list attributes for all users; on IPA clients I can list users (via the id <username> command) for which the uid/gid is overridden _only_ after I manually run getent group <default_user_gid>. For the users which do not have the uid and gid overridden it works correctly.
I do not know if the explanation is clear, but if you need more information, please let me know.
bye, Sumit