On Tue, Mar 17, 2015 at 02:48:25PM +0100, Domenico Viggiani wrote:
> -----Original Message-----
> So far it looks like a bug in SSSD. Are you using ID mapping?
> (ldap_id_mapping either True or unset).
# cat /etc/sssd/sssd.conf
[sssd]
domains =
MYDOMAIN.COM
config_file_version = 2
services = nss, pam
default_domain_suffix=
MYDOMAIN.COM
debug_level = 7
[pam]
debug_level = 7
[
domain/MYDOMAIN.COM]
ad_domain =
MYDOMAIN.COM
krb5_realm =
MYDOMAIN.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
# use_fully_qualified_names = True
fallback_homedir = /home/AD/%u
override_homedir = /home/AD/%u
access_provider = simple
simple_allow_groups = ITAD
debug_level = 7
Then I'm 100% sure we have a bug. The group shouldn't have the non-posix
flag after it was updated.
Can you tell us anything about this group:
(Mon Mar 16 16:57:52 2015) [sssd[be[MYDOMAIN.COM]]] [sdap_save_group]
(0x1000): Mapping group [Organigramma] objectSID
[S-1-5-21-2248061571-2151176789-1472819363-28039] to unix ID
Is it from the same domain? What type does the group have?