I have an IPA domain (ipa.engr.tamu.edu) that has a one-way trust with an AD domain
(engr.tamu.edu). I've created a POSIX group called 'linux_team' that contains
an external group called 'linux_team_ext', which itself contains the AD group
linux_team@engr.tamu.edu (from the trusted domain). When I run a 'getent group
linux_team', I get nothing back at all. However, it seems that from the logs it does
fetch all of the group members:
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-william.luke@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-andrew.eggleston@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-blake.dworaczyk@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-david.miller@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-j.polasek@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-matthew.mjelde@engr.tamu.edu] to [overridememberUid].
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): No override name available.
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [sysdb_add_group_member_overrides] (0x4000): Added [coe-steve.herring@engr.tamu.edu] to [overridememberUid].
Ultimately I see this log entry:
(Fri Aug 16 16:16:37 2019) [sssd[nss]] [nss_get_grent] (0x0040): Incomplete group object for linux_team@engr.tamu.edu[0]! Skipping
I've tested the trust relationship and it seems to work fine. I've also added a
user override to the 'Default Trust View' and I'm able to fetch the user
without a problem. Everything except for group membership from the trusted AD domain seems
to be working.
Here are the complete logs:
https://drive.google.com/file/d/164_zRBreVtA4P9-MZ0r8MIx-ElFOful-/view?us...