I'm trying to obtain group membership of accounts that log in via SSSD against 
an AD environment (id_provider = ldap, auth_provider = krb5).  Authentication 
completes successfully and the UID and GID values are correct for the logged-in 
user account:

uid=1113938(username) gid=1000 groups=1000 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

but where there is 
"context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023" there should be 
a list of user-managed groups that the user is a member of.  These groups are 
contained in an Active Directory environment.

A debug log (debug_level = 6) shows the following segment which repeats on and 
on:

(Mon Apr 27 16:34:16 2020) [sssd[nss]] [nss_getby_id] (0x0400): Input ID: 0
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_send] (0x0400): CR #33674: New request 'User by ID'
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_select_domains] (0x0400): CR #33674: Performing a multi-domain search
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_domains] (0x0400): CR #33674: Search will check the cache and check the data provider
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [implicit_files]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #33674: Looking up UID:0@implicit_files
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: Checking negative cache for [UID:0@implicit_files]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: [UID:0@implicit_files] does not exist (negative cache)
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [AD.EXAMPLE.EDU]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #33674: Looking up UID:[email protected]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: Checking negative cache for [UID:[email protected]]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: [UID:[email protected]] does not exist (negative cache)
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_process_result] (0x0400): CR #33674: Finished: Not found

I can query the AD using ldapsearch and get a group membership list, but I 
can't seem to get that data using SSSD.  What sssd.conf option should I be 
using to successfully obtain this data?

Thanks,
Mike
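
Added example, not part of the message above and not SSSD's own tooling: a Python script that rejoins mail-wrapped lines of an sssd_nss debug log in the format quoted above and collapses each "CR #n" sequence into one record, so a segment that repeats appears as a single counted row. The sample log is constructed (the second request and the spelled-out domain in the lookup keys are assumptions), and unwrap, summarize and repeated are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample modelled on the log above; one entry keeps the mail wrap.
SAMPLE = """\
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_send] (0x0400): CR #33674: New request 'User by ID'
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [implicit_files]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #33674: Looking up UID:0@implicit_files
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR
#33674: [UID:0@implicit_files] does not exist (negative cache)
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #33674: Using domain [AD.EXAMPLE.EDU]
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #33674: [UID:0@AD.EXAMPLE.EDU] does not exist (negative cache)
(Mon Apr 27 16:34:16 2020) [sssd[nss]] [cache_req_process_result] (0x0400): CR #33674: Finished: Not found
(Mon Apr 27 16:34:17 2020) [sssd[nss]] [cache_req_send] (0x0400): CR #33675: New request 'User by ID'
(Mon Apr 27 16:34:17 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #33675: Looking up UID:0@implicit_files
(Mon Apr 27 16:34:17 2020) [sssd[nss]] [cache_req_process_result] (0x0400): CR #33675: Finished: Not found
"""
START = re.compile(r"\(\w{3} \w{3} +\d")  # "(Mon Apr 27 ..." opens a new entry
ENTRY = re.compile(r"\[sssd\[nss\]\] \[(\w+)\] \(0x[0-9a-f]+\): CR #(\d+): (.*)")

def unwrap(text):
    """Rejoin wrapped entries: a line without a timestamp continues the last one."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def summarize(text):
    """Collapse cache_req entries into one record per CR number."""
    reqs = {}
    for func, cr, msg in (m.groups() for m in map(ENTRY.search, unwrap(text)) if m):
        r = reqs.setdefault(int(cr), {"type": None, "key": None, "domains": [], "ncache": [], "result": None})
        if func == "cache_req_send":
            r["type"] = msg.split("'")[1]              # request kind
        elif func == "cache_req_set_domain":
            r["domains"].append(msg.split("[", 1)[1].rstrip("]"))
        elif func == "cache_req_search_send":
            r["key"] = msg.split("Looking up ", 1)[1].split("@", 1)[0]
        elif func == "cache_req_search_ncache" and msg.endswith("(negative cache)"):
            r["ncache"].append(msg.split("]", 1)[0].lstrip("["))  # negative-cache hit
        elif func == "cache_req_process_result":
            r["result"] = msg.split("Finished: ", 1)[1]
    return reqs

def repeated(reqs):  # identical (type, key, result) triples collapse to one row
    return Counter((r["type"], r["key"], r["result"]) for r in reqs.values())
```

Running repeated(summarize(...)) over a full sssd_nss.log shows which lookup key the repeating segment is for and how often it recurs, which separates it from the requests for the account under investigation.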