Hi All, I'm working in a proof of concept for a customer where I've been asked to join the child domain of a Microsoft Active Directory domain, child.example.com. Users will primarily exist in the parent, example.com, but some users will also exist in the child. The application requires that all users have a specific primary GID, 1100, which is defined in /etc/group and I'm attempting to apply via override_gid.
User authentication via either the child or parent is successful, however, the override_gid is only applied to users of the child, @child.example.com and NOT for users of the parent, @example.com. I saw what looked to be a similar post to this list from Sep 2018. It was suggested this may be a bug. I didn't see a follow-up/resolution to that thread. Is this issue being tracked or has it been resolved? Below is my sssd.conf: [root@linux2 sssd]# cat sssd.conf [sssd] domains = child.example.com config_file_version = 2 services = nss, pam default_domain_suffix = EXAMPLE.COM [domain/child.example.com] ad_domain = child.example.com krb5_realm = CHILD.EXAMPLE.COM realmd_tags = manages-system joined-with-samba cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%u@%d access_provider = ad ad_access_filter = FOREST:example.com: (memberOf:1.2.840.113556.1.4.1941:=CN=LinuxUsers,ou=Groups,dc=child,dc=example,dc=com) auth_provider = ad chpass_provider = ad ldap_schema = ad override_gid = 1100 CentOS Version: [root@linux2 sssd]# cat /etc/redhat-release CentOS Linux release 7.5.1804 (Core) SSSD Component Versions: [root@linux2 sssd]# rpm -qa |grep sssd sssd-common-pac-1.16.2-13.el7_6.8.x86_64 sssd-ldap-1.16.2-13.el7_6.8.x86_64 python-sssdconfig-1.16.2-13.el7_6.8.noarch sssd-client-1.16.2-13.el7_6.8.x86_64 sssd-krb5-common-1.16.2-13.el7_6.8.x86_64 sssd-ipa-1.16.2-13.el7_6.8.x86_64 sssd-krb5-1.16.2-13.el7_6.8.x86_64 sssd-dbus-1.16.2-13.el7_6.8.x86_64 sssd-proxy-1.16.2-13.el7_6.8.x86_64 sssd-tools-1.16.2-13.el7_6.8.x86_64 sssd-common-1.16.2-13.el7_6.8.x86_64 sssd-ad-1.16.2-13.el7_6.8.x86_64 sssd-1.16.2-13.el7_6.8.x86_64 Thanks, -Josh
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
