On Wed, Aug 31, 2016 at 04:36:58AM -0000, Daniel Hermans wrote:
> I added as you suggested and can log in! Thanks so much! Couldn't find this option in
> man pages etc. What does this magic flag do exactly?

Oops, I'm sorry, this is a manpage bug. I will fix the man pages. (I'm
not sure if it makes sense to document the option in full or just
document that this needs to be set for id mapping with LDAP.)
It's an attribute used purely for ID mapping with AD and normally it

> the primary group (a mash of some large number with 513 on the end - Domain Users) is
> coming up numeric - would you recommend a local /etc/group entry to deal with this?

Hmm, strange, this doesn't happen in my setup. If you run "sss_cache -E"
and then "getent group $number", you should see SSSD converting the GID
to SID and searching the SID on the AD side, does that emit some errors
in the log?