I have a FreeIPA domain (ipa.engr.tamu.edu) that has a one-way trust with an AD domain
(engr.tamu.edu). I've created a POSIX group called 'linux_team' that contains
an external group called 'linux_team_ext', which itself contains the AD group
linux_team@engr.tamu.edu (from the trusted domain). When I perform a 'getent group
linux_team', I get no results. When looking at the debug logs, I see that SSSD does
fetch all of the users from the group:
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-william.luke@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-andrew.eggleston@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-blake.dworaczyk@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-david.miller@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-j.polasek@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-matthew.mjelde@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-steve.herring@engr.tamu.edu] to [overridememberUid].
However, I ultimately see this line:
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [nss_get_grent] (0x0040): Incomplete group object for linux_team@engr.tamu.edu[0]! Skipping
I've tested the trust relationship and it appears to work fine; I am able to create
view overrides and fetch users from the domain without any problem.
The complete logs are here:
https://drive.google.com/file/d/164_zRBreVtA4P9-MZ0r8MIx-ElFOful-/view?us...