I found a solution. Add the following line to [domain/SAMBA]:
ldap_initgroups_use_matching_rule_in_chain = False
AIUI this prevents sssd from using the LDAP operation
1.2.840.113556.1.4.1941 which hasn't been implemented in Samba 4.
Result:
# while : ; do su -c groups foo ; sleep 1 ; done
domusers domadmins devel publish
domusers domadmins devel publish
domusers domadmins devel publish
[...]
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1049186
Title:
sssd sometimes forgets all but one group memberships of a user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1049186/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
