Hi,
On Tue, Nov 29, 2022 at 8:54 PM Jim Burwell <[email protected]> wrote: > On 11/29/22 01:00, Alexey Tikhonov wrote: > > Hi, > > > On Tue, Nov 29, 2022 at 2:54 AM Jim Burwell <[email protected]> wrote: > >> Hi, >> >> On a CentOS 7 system bound to an AD domain, > > > Single AD domain or multiple/trusted? > > Single domain > Do you use `id_provider = ad`? What is the value of `ldap_use_tokengroups` sssd.conf option? In general, you need to enable `debug_level = 9` in `domain` and `[nss]` sections of sssd.conf and track this lookup in the logs, to see what step missed expected group. > > >> running sssd 1.16.5-10.el7. >> > > Latest should be sssd-1.16.5-10.el7_9.13 > > Yes, haven't tried that one yet because it pulls in some dependencies on > our system that need to be manually resolved. > > > >> >> Some groups are not showing up in a users list of groups. >> >> The group in question which is not showing up is a large group with over >> 5000 members. > > > Did you try with `ignore_group_members = true` in the domain section of > `sssd.conf`? > > Yes. Didn't make a difference. > > > > >> The Windows Server versions are up to date, so I'm not >> sure if the Windows 2k 5000 member limit is the issue or not, or whether >> sssd has a similar max group size limit. >> >> Is there a limitation on either the AD or sssd side for the max number >> of group members? >> >> Thanks, >> >> Jim >> >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> Do not reply to spam, report it: >> https://pagure.io/fedora-infrastructure/new_issue >> > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
