Hi, I've since discovered overnight that this is related to the Global Catalog and the ad_enable_gc setting.

I was not replicating the appropriate attributes to the GC. Setting the above correctly appears to have fixed things.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1194345
https://fedorahosted.org/sssd/wiki/Troubleshooting - this text specifically:

The POSIX attributes disappear randomly after login
SSSD looks the user's group membership in the Global Catalog to make sure even the cross-domain memberships are taken into account. Chances are the POSIX attributes are not replicated to the Global Catalog. You can disable the Global catalog lookups by disabling the ad_enable_gc option, but you'll lose cross-domain memberships. Alternatively, modify the AD schema to replicate the POSIX attribute to the Global Catalog.

So, perhaps some more specific documentation around this in the README, and upstream, might be a good idea.
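
One way to check the condition the Troubleshooting text describes, as an added example that is not part of the original message or of SSSD: it reads an LDIF export of the AD schema partition and reports which POSIX attributes are not flagged for Global Catalog replication. It assumes the schema flag `isMemberOfPartialAttributeSet` marks an attribute as replicated to the GC; the LDIF below is constructed sample data, and the attribute list and function names are assumptions.

```python
# Constructed sample: LDIF as it might be exported from the AD schema partition.
SAMPLE_LDIF = """\
dn: CN=uidNumber,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: uidNumber
isMemberOfPartialAttributeSet: TRUE

dn: CN=gidNumber,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: gidNumber
isMemberOfPartialAttributeSet: FALSE

dn: CN=unixHomeDirectory,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: unixHomeDirectory

dn: CN=loginShell,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: loginShell
isMemberOfPartialAttributeSet: TRUE
"""

# Assumed set of POSIX attributes to check; adjust to what your clients map.
POSIX_ATTRS = ("uidNumber", "gidNumber", "unixHomeDirectory", "loginShell")


def parse_ldif(text):
    """Yield one dict per LDIF entry (lower-cased keys, last value wins)."""
    # LDIF folds long lines: a continuation line starts with a single space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry[key.strip().lower()] = value.strip()
        if entry:
            yield entry


def missing_from_gc(ldif_text, wanted=POSIX_ATTRS):
    """Return the wanted attributes that are absent or not flagged for the GC."""
    in_gc = {}
    for entry in parse_ldif(ldif_text):
        name = entry.get("ldapdisplayname")
        if name:
            flag = entry.get("ismemberofpartialattributeset", "")
            in_gc[name] = flag.upper() == "TRUE"
    # An unset flag is treated the same as FALSE: the attribute is not in the GC.
    return [attr for attr in wanted if not in_gc.get(attr, False)]


if __name__ == "__main__":
    for attr in missing_from_gc(SAMPLE_LDIF):
        print(f"{attr}: not replicated to the Global Catalog")
```

Any attribute this reports will be missing from results SSSD fetches from the Global Catalog while ad_enable_gc is left enabled.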

