Hi All,
I'm working in a proof of concept for a customer where I've been asked to join the child domain of a Microsoft Active Directory domain,
child.example.com. Users will primarily exist in the parent,
example.com, but some users will also exist in the child. The application requires that all users have a specific primary GID, 1100, which is defined in /etc/group and I'm attempting to apply via override_gid.
User authentication via either the child or parent is successful, however, the override_gid is only applied to users of the child, @
child.example.com and NOT for users of the parent, @
example.com.
I saw what looked to be a similar post to this list from Sep 2018. It was suggested this may be a bug. I didn't see a follow-up/resolution to that thread. Is this issue being tracked or has it been resolved?
Below is my sssd.conf:
[root@linux2 sssd]# cat sssd.conf
[sssd]
domains =
child.example.comconfig_file_version = 2
services = nss, pam
default_domain_suffix =
EXAMPLE.COM[domain/
child.example.com]
ad_domain =
child.example.comkrb5_realm =
CHILD.EXAMPLE.COMrealmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
ad_access_filter = FOREST:example.com:(memberOf:1.2.840.113556.1.4.1941:=CN=LinuxUsers,ou=Groups,dc=child,dc=example,dc=com)
auth_provider = ad
chpass_provider = ad
ldap_schema = ad
override_gid = 1100
CentOS Version:
[root@linux2 sssd]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
SSSD Component Versions:
[root@linux2 sssd]# rpm -qa |grep sssd
sssd-common-pac-1.16.2-13.el7_6.8.x86_64
sssd-ldap-1.16.2-13.el7_6.8.x86_64
python-sssdconfig-1.16.2-13.el7_6.8.noarch
sssd-client-1.16.2-13.el7_6.8.x86_64
sssd-krb5-common-1.16.2-13.el7_6.8.x86_64
sssd-ipa-1.16.2-13.el7_6.8.x86_64
sssd-krb5-1.16.2-13.el7_6.8.x86_64
sssd-dbus-1.16.2-13.el7_6.8.x86_64
sssd-proxy-1.16.2-13.el7_6.8.x86_64
sssd-tools-1.16.2-13.el7_6.8.x86_64
sssd-common-1.16.2-13.el7_6.8.x86_64
sssd-ad-1.16.2-13.el7_6.8.x86_64
sssd-1.16.2-13.el7_6.8.x86_64
Thanks,
-Josh