Thanks very much for the response! Much appreciated Yes it does. getent group does return the proper gid for queried groups
[root@X samba]# getent group MC-Services MC-Services:*:11959: Here is our sssd.conf >>>> [sssd] config_file_version = 2 debug_level = 6 reconnection_retries = 3 sbus_timeout = 30 services = nss, pam domains = foo [nss] filter_groups = root, filter_users = root, reconnection_retries = 3 [pam] reconnection_retries = 3 [domain/foo] enumerate = False id_provider = ldap min_id = 1000 chpass_provider = krb5 ldap_schema = rfc2307bis # currently using ldap over port 389 because ldaps over 686 returns 'encoded packet size too big' ldap_uri = ldap://dc.mc.foo.com ldap_search_base = ou=accounts,dc=mc,dc=foo,dc=com ldap_id_mapping = false ldap_tls_reqcert = allow ldap_sasl_mech = GSSAPI ldap_sasl_canonicalize = true ldap_sasl_authid = X$ ldap_krb5_init_creds = true ldap_user_object_class = user ldap_group_object_class = top ldap_group_nesting_level = 5 ldap_group_search_base = ou=accounts,dc=mc,dc=foo,dc=com?subtree?&(objectClass=top)(!(objectClass=computer))(gidnumber=*)(|(groupType<=0)(&(objectClass=user)(objectCategory=person)(uidNumber=*))) ldap_user_name = sAMAccountName ldap_group_name = sAMAccountName ldap_user_fullname = cn ldap_user_home_directory = unixHomeDirectory auth_provider = krb5 krb5_server = dc.mc.foo.com:88 krb5_realm = MC.FOO.COM krb5_canonicalize = false krb5_changepw_principal = kadmin/changepw krb5_auth_timeout = 15 krb5_keytab = /etc/krb5.keytab krb5_validate = true access_provider = simple simple_allow_users = simple_allow_groups = MC-Services, >>> _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
