What I have:
AD Domain:
Example.com
IPA Domain
lx.example.com
CentOS 7.9
sssd 1.16
IPA is a master a 2 replicas. All the machines have the following configuration:
Max domain level: 1
Enabled server roles: CA server, IPA master, DNS server, NTP server, AD trust agent, AD
trust controller
We use ID Views for both Users and Groups in AD.
Our issues are with the ID Views for the groups.
We constantly get the following error:
/usr/bin/id: cannot find name for group ID XXX
The XXX is the GID defined in the ID View of the user.
The problem is resolved if I do one of the following:
===============================
[username@ipa_client]: cd /home
ls -lrt
===============================
OR
getent group <GID>
OR
getent group <ID View groupname>
OR
getent group <ad_groupname@domain>
Of course, the issue is returning when cache is expired or when a **new** user that has
the same primary GID tries to login on a server.
What kind of information would you need in order to help me to solve this issue?