> Can you do a test on the server by calling > > id username(a)ad.domain > > and collect sssd_nss.log and sssd_your.ipa.domain.log on the server as > well? I uploaded these files to the same place as before - goo.gl/hiFHKE. They have SERVER prefix in their names.
> In the id output all groups should have a GID and a name, if there are > groups with only a GID this might have caused the issue on the client as > well. This could be root cause of the issues with rules propagation, because: groups j...@td.mydomain.com j...@td.mydomain.com : j...@td.mydomain.com groups: cannot find name for group ID 752600513 752600513 Interestingly, ipa group-find doesn't show a group with that id, nor do I recognize adding a group with such ID. I tried to resolve it by adding a group with such ID locally on the server, but it didn't change anything except for the result of groups command above. _______________________________________________ FreeIPA-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org