I'll have to get back to you tomorrow on the version, but it's RHEL 7.4.

One server started working after flushing the cache a million times and restarting sssd a couple hundred. The other server I believe is showing even fewer groups.

I feel like we've had these issues a few times very randomly. And nothing I do necessarily fixes it per se. 

So we are having issues with a couple servers where users suddenly won't be able to log in.  All our auth is done through AD and not a thing has changed.

On a working server, I can do 'id username' and get back the proper list of groups the user is a member of.

On the non-working server, 'id username' returns *mostly* the same list.  However, the one group that the user needs to be a member of to log in is missing.

There are some groups in both lists that have a group ID, but not a group name.  And the one non-working server has a single group entry duplicated.  The results of 'id username' match throughout, except the noted areas below and a few entries that are listed out of order between the two.

Here are the differences, "non-working" on top, "working" on bottom (gs-technology is the group in question that I need on the non-working server).  It doesn't make sense that 1002201991 is showing up twice in the list.





Max, which version of SSSD are you using, and which OS?


