Hi,
I found this:
https://access.redhat.com/solutions/2261041
which looks like what I am seeing at my end. In /etc/krb5.conf in
    [libdefaults]
    dns_lookup_realm = true
    dns_lookup_kdc = true
    rdns = false
    dns_canonicalize_hostname = false
    ticket_lifetime = 24h
    forwardable = true
    udp_preference_limit = 0
    default_ccache_name = KEYRING:persistent:%{uid}
and if I look at my user object in AD using ldapsearch, I see
primaryGroupID: 513
which looks like the right one for 'Domain Users'.
On Fri, Dec 4, 2020 at 12:42 PM Natxo Asenjo <natxo.asenjo(a)gmail.com> wrote:
Hi,
let's see:
server:
~]$ getent group 'Domain Users@ad.local'
domain users@ad.local:*:1576200513:userx@ad.local
~]$ getent group 1576200513
domain users@ad.local:*:1576200513:userx@ad.local
I tried before and the list came back empty (no users, but the gid could be
resolved though), now one user (there are at least a few hundred).
idm client:
$ getent group 'Domain Users@ad.local'
$ getent group 1576200513
So the client gets nothing back indeed. After logging in, I get an error
in the shell: "/usr/bin/id: cannot find name for group ID 1576200513", so
this seems related (was already wondering about this too).
And in the attachment is the sssd_domain log file.
Thanks!
--
regards,
Natxo
--
--
Groeten,
natxo