Good afternoon,


I have run into an issue on Cent 7 with sssd configured for AD auth.  I am able to auth via AD usernames and passwords without issue and can “getent group MOSTGROUPS”.  But I have run into an issue where there are some groups that are not being seen / discovered / enumerated etc.


ID of a validated username will display most of the groups, but there are some groups that are not listed which are also those are also the ones that fail getent group.  I cannot find a pattern in what groups fail to enumerate.  At first I thought it was length, but there are group names over 20 characters that succeed.


EX.  ID of user1:


Group1, group 2, group 5


Getent group group1

Username list!


Getent group “Group 2”

Username list!


Getent group group3 (user is a long time member of group in AD)

Blank output


Strace reveals that the command exited with status 2.  Nothing is logged in sssd_DOMAIN.log


Please let me know where to look next, thank you.



Mike Karich

IT Manager

Center for Vital Longevity

1600 Viceroy Rd

Dallas, TX 75235

P: 972-883-3745 C: 972-757-3299


CVL IT Assistance: