Good afternoon,

 

I have run into an issue on Cent 7 with sssd configured for AD auth.  I am able to auth via AD usernames and passwords without issue and can “getent group MOSTGROUPS”.  But I have run into an issue where there are some groups that are not being seen / discovered / enumerated etc.

 

ID of a validated username will display most of the groups, but there are some groups that are not listed, which are also the ones that fail getent group.  I cannot find a pattern in what groups fail to enumerate.  At first I thought it was length, but there are group names over 20 characters that succeed.

 

EX.  ID of user1:
Group1, group 2, group 5

Getent group group1
Username list!

Getent group “Group 2”
Username list!

Getent group group3 (user is a long-time member of group in AD)
Blank output

 

Strace reveals that the command exited with status 2.  Nothing is logged in sssd_DOMAIN.log

 

Please let me know where to look next, thank you.

 

 

Mike Karich

IT Manager

Center for Vital Longevity

1600 Viceroy Rd

Dallas, TX 75235

 

mkarich@utdallas.edu

P: 972-883-3745 C: 972-757-3299

 

CVL IT Assistance: CVLTech@utdallas.edu