Wondering if somebody can help me decipher why I don't get a anything back when I run a getent group command, but in the SSSD logs I see that SSSD finds a group in Active Directory. I'm running this command, which returns nothing.

root@ultralisk:~# getent group 'WINNT\Domain Admins'

When I run that command, two SSSD logs get updated; my domain's log (sssd_WINNT.log) and the nss service log (sssd_nss.log). In the domain log I get the following

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [be_get_account_info] (0x0100): Got request for [4098][1][name=domain admins]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [be_req_set_domain] (0x0400): Changing request domain from [WINNT] to [WINNT]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_groups_next_base] (0x0400): Searching for groups with base [DC=winnt,DC=harmonywave,DC=com]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(name=domain\20admins)(objectClass=group)(name=*))][DC=winnt,DC=harmonywave,DC=com].

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [groupType]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 10

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result] (0x2000): Trace: sh[0x1de3360], connected[1], ops[0x1df69b0], ldap[0x1de9a20]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range] (0x2000): No sub-attributes for [member]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range] (0x2000): No sub-attributes for [whenChanged]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range] (0x2000): No sub-attributes for [uSNChanged]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range] (0x2000): No sub-attributes for [name]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectSid]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range] (0x2000): No sub-attributes for [groupType]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result] (0x2000): Trace: sh[0x1de3360], connected[1], ops[0x1df69b0], ldap[0x1de9a20]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_has_deref_support] (0x0400): The server supports deref method ASQ

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_nested_group_hash_group] (0x2000): Marking group as non-posix and setting GID=0!

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_nested_group_process_send] (0x2000): About to process group [CN=Domain Admins,CN=Users,DC=winnt,DC=harmonywave,DC=com]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users] (0x2000): Search users with filter: (&(objectclass=user)(originalDN=CN=Administrator,CN=Users,DC=winnt,DC=harmonywave,DC=com))

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users] (0x2000): No such entry

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(originalDN=CN=Administrator,CN=Users,DC=winnt,DC=harmonywave,DC=com))

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_groups] (0x2000): No such entry

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_nested_group_process_send] (0x2000): Looking up 1/1 members of group [CN=Domain Admins,CN=Users,DC=winnt,DC=harmonywave,DC=com]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_nested_group_process_send] (0x2000): Members of group [CN=Domain Admins,CN=Users,DC=winnt,DC=harmonywave,DC=com] will be processed individually

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=user)][CN=Administrator,CN=Users,DC=winnt,DC=harmonywave,DC=com].

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 8

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result] (0x2000): Trace: sh[0x1de3360], connected[1], ops[(nil)], ldap[0x1de9a20]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result] (0x2000): Trace: sh[0x1ddff30], connected[1], ops[0x1df7fe0], ldap[0x1de7fd0]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range] (0x2000): No sub-attributes for [sAMAccountName]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result] (0x2000): Trace: sh[0x1ddff30], connected[1], ops[0x1df7fe0], ldap[0x1de7fd0]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_nested_group_recv] (0x0400): 1 users found in the hash table

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_nested_group_recv] (0x0400): 1 groups found in the hash table

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_primary_name] (0x0400): Processing object Administrator

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users] (0x2000): Search users with filter: (&(objectclass=user)(originalDN=CN=Administrator,CN=Users,DC=winnt,DC=harmonywave,DC=com))

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users] (0x2000): No such entry

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_primary_name] (0x0400): Processing object Domain Admins

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_group] (0x0400): Processing group Domain Admins

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_group] (0x1000): Mapping group [Domain Admins] objectSID [S-1-5-21-2962426039-599259981-477356674-512] to unix ID

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN [CN=Domain Admins,CN=Users,DC=winnt,DC=harmonywave,DC=com] to attributes of [Domain Admins].

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp [20170410191631.0Z] to attributes of [Domain Admins].

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_ghost_members] (0x0400): The group has 1 members

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_ghost_members] (0x0400): Group has 1 members

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_ghost_members] (0x0400): Adding ghost member for group [Administrator]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_group] (0x0400): Storing info for group Domain Admins

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_primary_name] (0x0400): Processing object Domain Admins

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_grpmem] (0x0400): Processing group Domain Admins

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users] (0x2000): Search users with filter: (&(objectclass=user)(gidNumber=526800512))

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users] (0x2000): No such entry

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_grpmem] (0x0400): Adding member users to group [Domain Admins]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result] (0x2000): Trace: sh[0x1ddff30], connected[1], ops[(nil)], ldap[0x1de7fd0]

(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!

You can see a result is returned and I can perform the an ldapsearch with the same filter and get results myself. The sssd_nss.log file shows the following.

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [33] with input [WINNT\Domain Admins].

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'WINNT\Domain Admins' matched expression for domain 'WINNT', user is Domain Admins

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [Domain Admins] from [WINNT]

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/GROUP/WINNT/domain admins]

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getgrnam_search] (0x0100): Requesting info for [domain admins@WINNT]

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x4189f0:2:domain admins@WINNT]

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [WINNT][4098][1][name=domain admins]

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x225c8e0

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x4189f0:2:domain admins@WINNT]

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x225c8e0

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/GROUP/WINNT/domain admins]

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getgrnam_search] (0x0100): Requesting info for [domain admins@WINNT]

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/GROUP/WINNT/domain admins] to negative cache

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getgrnam_search] (0x0040): No results for getgrnam call

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x4189f0:2:domain admins@WINNT]

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [client_recv] (0x0200): Client disconnected!

(Tue Apr 11 16:19:12 2017) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x226bc00][24]

I see a few odd items in the logs, but not really sure I understand what they're saying. Does anyone see why I wouldn't get anything back from getent? By the way I can do a getent on users and I get results back.

Thanks,

Joshua Schaeffer