On Mon, May 11, 2020 at 02:16:56PM -0500, Spike White wrote:
For RHEL7 and RHEL8 sssd, it can see domain-local AD groups (from the local
domain) + global groups (from the local domain) + universal groups (from
all trusted domains).
Yet it cannot see global groups from non-local trusted domains. We have
those team convert the group to universal groups and problem solved.
(don't use many global groups anyway),
Is this expected behaviour?
in the /etc/sssd/sssd.conf file, the local domain is defined and then the
other trusted domains are auto-discovered. so that it's searching the GC
to find universal group memberships. I mention the trusted domains in
Like I say -- this is not a big problem. We rarely use global groups
anyway. Just curious if this is expected behaviour.
in general this is not expected, global groups from other domains should
just work fine.
Do those groups not work at all, i.e
getent group groupname(a)other.ad.domain
does not work at all or are no members listed or does the group does not
show up in the groupmembership list of a user?
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines