Hello, I've begun to see the oddest thing within our AD environment on Linux clients (Ubuntu 20, 22).
During logins I see "groups: cannot find name for group ID".
Then during various operations (eg when installing a package that has scripts that create local users, such as postgresql) I see a few of the same userIDs listed as terminal output like this:
Couldn't invalidate user jim.bob@domain.college.edu Couldn't invalidate user sally.sue@domain.college.edu Couldn't invalidate user joe.nobody@domain.college.edu
Reading through what little comes up in Google for 'Couldn't invalidate user' + sssd, I found old bugs about not being able to invalidate groups in the sss_cache. That got me far enough to have a repeatable action to force this output:
# sss_cache -UG Couldn't invalidate user jim.bob@domain.college.edu Couldn't invalidate user sally.sue@domain.college.edu Couldn't invalidate user joe.nobody@domain.college.edu
I've tried ramping up debugging on my AD domain entry in sssd.conf to 9 but I'm not seeing anything that jumps out.
Any ideas?
Thanks!