Am Fri, May 14, 2021 at 04:03:11PM -0000 schrieb iulian roman via FreeIPA-users:
I think the very strange behaviour was due to the fact that I did not have a name for the gid in AD . As a workaround, I removed the gid from override (and let IPA generate one) . The interesting part was that getent did assign the username to the respective gid (therefore both getent group commands were successful ).
Hi,
do you, by chance, use the same numrical value for UID and GID in the id-override for the user?
I do not know if there is other alternative apart from adding a name for all GIDs in Active Directory in order to have the gid override working properly (if I define a posix group in IPA for the AD trust group does not work).
Yes, this is currently expected, there must be a group with this GID or the GID is set in an id-override for a group.
HTH
bye, Sumit
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure