On 06.06.23 08:42, Ronald Wimmer via FreeIPA-users wrote:
We do have the problem that a user from an AD group does not show up
in IPA whereas all other users of this particular group do. The AD
group is used for PAM authorization in Apache.
The AD group is correctly mapped in IPA. However, the AD group is a
domain local group. (shouldn't these groups not work at all in
combination with IPA?)
The only thing we saw immediately in the log files was "user not known
to the underlying PAM module". What else should we look for?
We will, of
course, follow the SSSD troubleshooting steps
(
https://sssd.io/troubleshooting/basics.html ) but we did not have time
to do so up to this moment.