I'm trying to obtain group membership of accounts that log in via SSSD against an AD
environment (id_provider = ldap, auth_provider = krb5). Authentication completes
successfully and the UID and GID values are correct for the logged-in user account:
uid=1113938(username) gid=1000 groups=1000 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
but where there is
"context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023" there should be
a list of user-managed groups that the user is a member of. These groups are contained in
an Active Directory environment.
A debug log (debug_level = 6) shows the following segment which repeats on and on:
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [nss_getby_id] (0x0400): Input ID: 0
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_send] (0x0400): CR #33674: New request 'User by ID'
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_select_domains] (0x0400): CR #33674: Performing a multi-domain search
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_domains] (0x0400): CR #33674: Search will check the cache and check the data provider
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [implicit_files]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #33674: Looking up UID:0@implicit_files
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: Checking negative cache for [UID:0@implicit_files]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: [UID:0@implicit_files] does not exist (negative cache)
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [AD.EXAMPLE.EDU]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #33674: Looking up UID:0@AD.EXAMPLE.EDU
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: Checking negative cache for [UID:0@AD.EXAMPLE.EDU]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: [UID:0@AD.EXAMPLE.EDU] does not exist (negative cache)
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_process_result] (0x0400): CR #33674: Finished: Not found
I can query the AD using ldapsearch and get a group membership list, but I can't seem
to get that data using SSSD. What sssd.conf option should I be using to successfully
obtain this data?
Thanks,
Mike
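
Added example, not part of the original post: a small Python parser for the cache_req lines in the excerpt above, which groups them by CR number to show the request type, the domains tried, the negative-cache answers and the final result. The function name and the embedded sample (lines taken from the excerpt with the mail wrapping undone) are this example's own.

```python
import re

# Lines taken from the excerpt in the post, with mail line-wrapping undone.
SAMPLE_LOG = """\
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [nss_getby_id] (0x0400): Input ID: 0
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_send] (0x0400): CR #33674: New request 'User by ID'
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [implicit_files]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: [UID:0@implicit_files] does not exist (negative cache)
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [AD.EXAMPLE.EDU]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: [UID:0@AD.EXAMPLE.EDU] does not exist (negative cache)
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_process_result] (0x0400): CR #33674: Finished: Not found
"""

# "(timestamp) [sssd[service]] [function] (level): message"
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[(?P<svc>\w+)\]\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
CR_RE = re.compile(r"^CR #(?P<id>\d+): (?P<text>.*)$")


def summarize_cache_requests(log_text):
    """Group cache_req messages by CR number and summarize each request."""
    requests = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        cr = CR_RE.match(m["msg"]) if m else None
        if not cr:
            continue  # not a cache_req line (e.g. nss_getby_id input)
        req = requests.setdefault(
            cr["id"],
            {"type": None, "domains": [], "ncache_hits": [], "result": None},
        )
        text = cr["text"]
        if (t := re.match(r"New request '(.+)'", text)):
            req["type"] = t[1]
        elif (t := re.match(r"Using domain \[(.+)\]", text)):
            req["domains"].append(t[1])
        elif (t := re.match(r"\[(.+)\] does not exist \(negative cache\)", text)):
            req["ncache_hits"].append(t[1])
        elif (t := re.match(r"Finished: (.+)", text)):
            req["result"] = t[1]
    return requests


if __name__ == "__main__":
    for cr_id, req in summarize_cache_requests(SAMPLE_LOG).items():
        print(cr_id, req)
```
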