On Thu, 23 Oct 2014, crony wrote:
Hi List,
On IPA server I added one external group for AD group.
When I log in to IPA client I can see that group:
97687(trustlinuxgroup_from_ad2posix)
but also I see few different groups came directly from Active Directory
like 127310615(trustlinuxgr...@acme.example.com) or 127200513(domain
us...@acme.example.com):
Afer clearing the cache, the group assignment looks different, few more or
less groups showed by id command.
Do you know the reason? I have no idea what to do with this.
Prior to SSSD 1.12 full group membership was only retrieved during
actual authentication step. With 1.12.2, I think, we have means to pick
up most of the groups before authentication as well, barring those that
are not valid outside of the domain or forest's use (domain local
groups).
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project