https://bugzilla.redhat.com/show_bug.cgi?id=2168743
--- Comment #13 from Chris Miller cjm@tryx.org --- Hi Sumit,
So the GPO is expecting that the user is a member of the group with the SID 'S-1-5-21-2272066503-1558053515-3376931032-1153' but the current group-membership of the user does not include this group and access is denied.
Without knowing what *-1153 is, I can tell you that this user, "cjm@tclc.org", which is me, has no problem authenticating to the same domain controller when logging into a Windows desktop workstation. It would be interesting to translate *-1153 into something I recognize. Can you tell me how I do that?
I have a workaround, "#access_provider = ad", but this problem is not so urgent that I need to work around a problem by ignoring it. I think it is far more interesting that my group membership is not recognize by sssd, and that is a puzzle that should be solved.
Thanks for the help,
Chris.