On Tue, Apr 11, 2017 at 04:39:49PM -0600, Joshua Schaeffer wrote:
> Wondering if somebody can help me decipher why I don't get anything back
> when I run a getent group command, but in the SSSD logs I see that SSSD
> finds a group in Active Directory. I'm running this command, which returns
> nothing.
>
> root@ultralisk:~# getent group 'WINNT\Domain Admins'
>
> When I run that command, two SSSD logs get updated; my domain's log
> (sssd_WINNT.log) and the nss service log (sssd_nss.log). In the domain log
> I get the following
>
[...]

Here is the reason:

> (Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
> [sdap_nested_group_hash_group] (0x2000): Marking group as non-posix and
> setting GID=0!

So the group was found and saved, but SSSD decided the group is not eligible to be returned for the OS. This could be because SSSD filtered the group type (domain-local groups from trusted domains are filtered) or because the sssd is configured to use POSIX attributes, but the object doesn't have them.

Increasing the debug_level some more would show more messages,
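An added example, not part of the original message and not SSSD's own code: a small triage script that parses debug lines in the layout quoted above and reports every "Marking group as non-posix" event together with the preceding lines from the same process. Only the marker line is taken from the thread; the other sample lines, including their function names, are constructed.

```python
import re

# Layout of an SSSD debug line, taken from the line quoted in the thread:
#   (timestamp) [sssd[be[DOMAIN]]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\)\s+\[(?P<proc>sssd\[\S+\])\]\s+"
    r"\[(?P<func>[^\]]+)\]\s+\((?P<level>0x[0-9a-fA-F]+)\):\s+(?P<msg>.*)$"
)
MARKER = "Marking group as non-posix"


def parse_line(line):
    """Return the fields of one debug line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["level"] = int(rec["level"], 16)
    dom = re.search(r"be\[([^\]]+)\]", rec["proc"])  # backend lines only
    rec["domain"] = dom.group(1) if dom else None
    return rec


def find_non_posix(lines, context=2):
    """Find non-POSIX markings, each with preceding lines of the same process."""
    hits, history = [], []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        if MARKER in rec["msg"]:
            same = [r["msg"] for r in history if r["proc"] == rec["proc"]]
            before = same[-context:] if context > 0 else []
            hits.append({"ts": rec["ts"], "domain": rec["domain"],
                         "func": rec["func"], "context": before})
        history.append(rec)
    return hits


# Constructed sample: the second line is the one quoted in the thread; the
# first and third are made up (function names and messages are hypothetical).
SAMPLE = [
    "(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [example_lookup] (0x0400): Constructed line: processing group [Domain Admins]",
    "(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_nested_group_hash_group] (0x2000): Marking group as non-posix and setting GID=0!",
    "(Tue Apr 11 16:13:42 2017) [sssd[nss]] [example_reply] (0x0400): Constructed line: no results",
]

if __name__ == "__main__":
    for hit in find_non_posix(SAMPLE):
        print(hit)
```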
