Bill, Same situation here. In our case, it's an overarching global AD domain with 4 regional child domains. One child domain cannot discover the other domains. In specifics, these are the bad sssd versions:
OL7: 1.16.5-10*.0.1*.el7_9.11 RHEL7: 1.16.5-10.el7_9.11 We had to roll back to version 1.16.4 or older and all was good. It was with interest we read this bugzilla that seems relevant: https://bugzilla.redhat.com/show_bug.cgi?id=2032867 However we downloaded this test RPM and tried it on this child domain. It didn't help. Curiously, other child domains can discover all expected domains. Spike On Wed, Feb 2, 2022 at 5:19 PM Bill Conn <[email protected]> wrote: > I'm working on a university's research cluster with nodes that all run > CentOS7 and are joined to the school's Active Directory domain. Our domain > is part of a statewide forest that contains every state university, and we > have used this arrangement to grant cluster access to users from other > Universities to our cluster. > > Recently, a user from outside my Universities domain have said they cannot > log in anymore which caused me to look into this issue. I found that if I > issue an id command for a user in a different domain in the forest, it > gives me the error "no such user". I know that our setup used to work, and > after looking into it and trying to replicate the old and new behavior I > found out that CentOS7 machines with sssd 1.16.4 can get results from other > domains in the forest, but machines with 1.16.5 cannot. > > Is there some setting that changed between these minor versions that would > cause this? Is it possible this is not caused by sssd? I'm testing a node > with CentOS 7.9.2009 which doesn't return other domains in the forest and a > node with CentOS 7.7.1908 which does return results from other domains. > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
