On Thu, Apr 13, 2017 at 1:56 AM, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
You can try:
truncate --size 0 /var/log/sssd/*
sss_debuglevel 9
sss_cache -E
getent group $groupname
sss_debuglevel 0
Thanks, I did not know about the sss_debuglevel command. I will give this a
try.
It's already done, actually. The id_provider=ad defaults to
altorithmically mapping UIDs and GIDs from Windows SIDs (see the section
"ID MAPPING" in the sssd-ad manpage). So I think the only reason the
group could have been marked as non-POSIX (and at that point, the group
being non-POSIX is just internal SSSD lingo) could be the group type
which would only be shown with a higher debug level I think.
Joshua Schaeffer