I have run into an issue on Cent 7 with sssd configured for AD auth. I am able to auth via AD usernames and passwords without issue and can “getent group MOSTGROUPS”. But I have run into an issue where there are some groups that are not being seen / discovered / enumerated etc.
ID of a validated username will display most of the groups, but there are some groups that are not listed, and those are also the ones that fail getent group. I cannot find a pattern in which groups fail to enumerate. At first I thought it was length, but there are group names over 20 characters that succeed.
EX. ID of user1:
Group1, group 2, group 5
getent group group1
getent group "Group 2"
getent group group3 (user is a long time member of group in AD)
Strace reveals that the command exited with status 2. Nothing is logged in sssd_DOMAIN.log.
Please let me know where to look next, thank you.
Center for Vital Longevity