On (08/11/14 12:24), Diaulas Castro wrote: >We have similar issue but on RHEL 6.6 (sssd 1.11), the problem is about >enumerating groups. > Diaulas, Have you reported your problem?
I know just about one problem with IPA and sssd-1.11 (on RHEL 6.6) The upstream bug is https://fedorahosted.org/sssd/ticket/2471 There is a workaround. You can change value of option ldap_group_object_class in domain section to ipaUserGroup ldap_group_object_class = ipaUserGroup Could you confirm that you had the same problem? Otherwise please report bug either to upstream trac or Red Had Bugzilla. >Use the command "id some_group_that_user_belong" on affected client, logout >and try logon again. > >Our issue was with sudo not working, but everything based on groups stopped >to work too. > >For workaround (if this is your problem too) edit sssd.con on domain >section: >enumarating = true It would be better to fix it in sssd. LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project