Hello,
I've begun to see the oddest thing within our AD environment on Linux clients
(Ubuntu 20, 22).
During logins I see "groups: cannot find name for group ID".
Then during various operations (eg when installing a package that has scripts
that create local users, such as postgresql) I see a few of the same userIDs
listed as terminal output like this:
Couldn't invalidate user jim....@domain.college.edu
Couldn't invalidate user sally....@domain.college.edu
Couldn't invalidate user joe.nob...@domain.college.edu
Reading through what little comes up in Google for 'Couldn't invalidate user' +
sssd, I found old bugs about not being able to invalidate groups in the
sss_cache. That got me far enough to have a repeatable action to force this
output:
# sss_cache -UG
Couldn't invalidate user jim....@domain.college.edu
Couldn't invalidate user sally....@domain.college.edu
Couldn't invalidate user joe.nob...@domain.college.edu
I've tried ramping up debugging on my AD domain entry in sssd.conf to 9 but I'm
not seeing anything that jumps out.
Any ideas?
Thanks!
--
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue