Any thoughts?  This issue seems to be rippling through all our AD Domain Joined servers.  The group randomly goes missing and nobody can log into the server.  After some time, it eventually starts working again.

On Apr 24, 2018, at 9:08 AM, Max DiOrio <> wrote:

We’re running SSSD 1.15.2

On Apr 23, 2018, at 6:29 PM, Lachlan Musicman <> wrote:

On 24 April 2018 at 03:01, Max DiOrio <> wrote:
So we are having issues with a couple servers where users suddenly won't be able to log in.  All our auth is done through AD and not a thing has changed.

On a working server, I can do 'id username' and get back the proper list of groups the user is a member of.

On the non-working server, 'id username' returns *mostly* the same list.  However the one group that the user needs to be a member to log in is missing.

There are some groups in both lists that that have a group ID, but not a group name.  And the one non-working server has a single group entry duplicated.  The results of 'id username' match throughout, except the noted areas below and a few entries that are listed out of order between the two.

Here are the differences "non-working" on top, "working" on bottom (gs-technology is the group in question that I need on the non-working server).  It doesn't make sense that 1002201991 is showing up twice in the list.  





Max, Which version of SSSD are you using, and which OS?


sssd-users mailing list --
To unsubscribe send an email to