> Can you do a test on the server by calling
>     id username(a)ad.domain
> and collect sssd_nss.log and sssd_your.ipa.domain.log on the server as
> well?
I uploaded these files to the same place as before - goo.gl/hiFHKE. They have 
SERVER prefix in their names.

> In the id output all groups should have a GID and a name, if there are
> groups with only a GID this might have caused the issue on the client as
> well.

This could be root cause of the issues with rules propagation, because:
groups j...@td.mydomain.com
j...@td.mydomain.com : j...@td.mydomain.com groups: cannot find name for group 
ID 752600513 752600513

Interestingly, ipa group-find doesn't show a group with that id, nor do I 
recognize adding a group with such ID. 
I tried to resolve it by adding a group with such ID locally on the server, but 
it didn't change anything except for the result of groups command above.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to