On 24 April 2018 at 03:01, Max DiOrio <mdiorio@gmail.com> wrote:
So we are having issues with a couple servers where users suddenly won't be able to log in.  All our auth is done through AD and not a thing has changed.

On a working server, I can do 'id username' and get back the proper list of groups the user is a member of.

On the non-working server, 'id username' returns *mostly* the same list.  However, the one group that the user needs to be a member of to log in is missing.

There are some groups in both lists that have a group ID, but not a group name.  And the one non-working server has a single group entry duplicated.  The results of 'id username' match throughout, except the noted areas below and a few entries that are listed out of order between the two.

Here are the differences "non-working" on top, "working" on bottom (gs-technology is the group in question that I need on the non-working server).  It doesn't make sense that 1002201991 is showing up twice in the list.  





Max, which version of SSSD are you using, and which OS?