Am Mon, Feb 07, 2022 at 09:38:04AM -0600 schrieb Russell Jones:
Thanks! I did end up finding that configuration. Setting it to false
did
fix the issue.
To be honest, I don't really understand the point of that configuration
option.
Hi,
in RHEL-8 SSSD will handle user and groups from /etc/passwd and
/etc/group by default as well. Unfortunately there is an issue is groups
and members are coming from different domains as in your case (local
group, remote users). As a result SSSD can still resolve the local group
but not add the corresponding remote members.
'enable_files_domain = false' will switch off the handling of the local
files in SSSD and let glibc and the nss modules collect the group
members.
HTH
bye,
Sumit
On Mon, Feb 7, 2022 at 3:13 AM Sumit Bose via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
> Am Thu, Jan 27, 2022 at 04:06:19PM -0600 schrieb Russell Jones via
> FreeIPA-users:
> > Hi all,
> >
> > I am very confused on why I am not able to enumerate the group members
> on a
> > centos 8 machine with the above command, but I can on a centos 7 machine.
> >
> > [root@centos8-1 log]# getent group -s sss video
> > video:x:39:
> >
> > [root@centos7-n11 log]# getent group -s sss video
> > video:*:39:<lots of users>
> >
> > Both are configured with the same sssd.conf file, and both have
> "enumerate
> > = True" in the domain section.
> >
> > In addition, if I just do "getent group" without the "-s
sss" the group
> and
> > all of its members show up properly on both machines.
> >
> > Super confused here. Thanks in advance for the help!
>
> Hi,
>
> can you try if setting
>
> enable_files_domain = false
>
> in the [sssd] section in sssd.conf on centos 8 helps?
>
> bye,
> Sumit
>
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> > Do not reply to spam on the list, report it:
>
https://pagure.io/fedora-infrastructure
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> Do not reply to spam on the list, report it:
>
https://pagure.io/fedora-infrastructure
>