I'm trying to obtain group membership of accounts that login via SSSD against an AD environment (id_provider = ldap, auth_provider = krb5). Authentication completes successfully and the UID and GID values are correct for the logged in user account:
uid=1113938(username) gid=1000 groups=1000 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
but where there is "context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023" there should be a list of user-managed groups that the user is a member of. These groups are contained in an Active Directory environment.
A debug log (debug_level = 6) shows the following segment which repeats on and on:
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [nss_getby_id] (0x0400): Input ID: 0 (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_send] (0x0400): CR #33674: New request 'User by ID' (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_select_domains] (0x0400): CR #33674: Performing a multi-domain search (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_domains] (0x0400): CR #33674: Search will check the cache and check the data provider (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [implicit_files] (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #33674: Looking up UID:0@implicit_files (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: Checking negative cache for [UID:0@implicit_files] (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: [UID:0@implicit_files] does not exist (negative cache) (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [AD.EXAMPLE.EDU] (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #33674: Looking up UID:0@AD.EXAMPLE.EDU (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: Checking negative cache for [UID:0@AD.EXAMPLE.EDU] (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: [UID:0@AD.EXAMPLE.EDU] does not exist (negative cache) (Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_process_result] (0x0400): CR #33674: Finished: Not found
I can query the AD using ldapsearch and get a group membership list, but I can't seem to get that data using SSSD. What sssd.conf option should I be using to successfully obtain this data?
Thanks, Mike