Hello,
I've begun to see the oddest thing within our AD environment on Linux clients (Ubuntu
20, 22).
During logins I see "groups: cannot find name for group ID".
Then during various operations (eg when installing a package that has scripts that create
local users, such as postgresql) I see a few of the same userIDs listed as terminal output
like this:
Couldn't invalidate user jim.bob(a)domain.college.edu
Couldn't invalidate user sally.sue(a)domain.college.edu
Couldn't invalidate user joe.nobody(a)domain.college.edu
Reading through what little comes up in Google for 'Couldn't invalidate user'
+ sssd, I found old bugs about not being able to invalidate groups in the sss_cache. That
got me far enough to have a repeatable action to force this output:
# sss_cache -UG
Couldn't invalidate user jim.bob(a)domain.college.edu
Couldn't invalidate user sally.sue(a)domain.college.edu
Couldn't invalidate user joe.nobody(a)domain.college.edu
I've tried ramping up debugging on my AD domain entry in sssd.conf to 9 but I'm
not seeing anything that jumps out.
Any ideas?
Thanks!