Hi,
On Thu, Feb 3, 2022 at 12:19 AM Bill Conn <Bill.Conn(a)usd.edu> wrote:
I'm working on a university's research cluster with nodes that all run CentOS7
and are joined to the school's Active Directory domain. Our domain is part of a
statewide forest that contains every state university, and we have used this arrangement
to grant cluster access to users from other Universities to our cluster.
Recently, a user from outside my Universities domain have said they cannot log in anymore
which caused me to look into this issue. I found that if I issue an id command for a user
in a different domain in the forest, it gives me the error "no such user". I
know that our setup used to work, and after looking into it and trying to replicate the
old and new behavior I found out that CentOS7 machines with sssd 1.16.4 can get results
from other domains in the forest, but machines with 1.16.5 cannot.
What exact SSSD version 1.16.5 based machines have?
Is there some setting that changed between these minor versions that would cause this?
Is it possible this is not caused by sssd? I'm testing a node with CentOS 7.9.2009
which doesn't return other domains in the forest and a node with CentOS 7.7.1908 which
does return results from other domains.