On Mon, May 11, 2020 at 02:16:56PM -0500, Spike White wrote:
> All,
>
> For RHEL7 and RHEL8 sssd, it can see domain-local AD groups (from the local
> domain) + global groups (from the local domain) + universal groups (from
> all trusted domains).
>
> Yet it cannot see global groups from non-local trusted domains. We have
> those team convert the group to universal groups and problem solved.
> (don't use many global groups anyway),
>
> Is this expected behaviour?
>
> in the /etc/sssd/sssd.conf file, the local domain is defined and then the
> other trusted domains are auto-discovered. so that it's searching the GC
> to find universal group memberships. I mention the trusted domains in
> "domain_resolution_order".
>
> Like I say -- this is not a big problem. We rarely use global groups
> anyway. Just curious if this is expected behaviour.
Hi,
in general this is not expected, global groups from other domains should
just work fine.
Do those groups not work at all, i.e
getent group groupn...@other.ad.domain
does not work at all or are no members listed or does the group does not
show up in the groupmembership list of a user?
bye,
Sumit
>
> Spike
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
