On Fri, Oct 21, 2016 at 04:07:16PM +1100, Robert Sturrock wrote:
> > On Thu, Oct 20, 2016 at 04:46:01PM +1100, Robert Sturrock wrote:
> > […]
> > > However, when I try logging in as a student domain user
> > > (student.example.au),
> > > I don't see any of the groups (there should be 8):
> > >
> > > $ ssh -l rnst student example au ipa-client-rh7.ipa.example.au
> > > [rnst ipa-client-rh7 ~]$ groups
> > > rnst
> > >
> > > Is this expected behaviour? Is there a possible client configuration that
> > > will support our AD forest setup or is this simply not possible?
> >
> > What you did is quite correct, but unfortunately works only with
> > RHEL-7.3 or newer as it requires sssd-1.14 or newer, sorry.
>
> I tried the same configuration on FC24, which has sssd-1.14.1-3, but it
> didn’t work for the student domain either:
>
> $ ssh -l r...@student.example.au ipa-client-fc24.ipa.example.au
> -sh-4.3$ groups
> rnst
>
> Is the version shipping with RHEL7.3 likely to be different?
No, it's pretty much the same. Can you take a look at the logs and
create a dump of the ldb cache, please?
See:
https://fedorahosted.org/sssd/wiki/Troubleshooting
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
