Am Mon, Feb 07, 2022 at 09:38:04AM -0600 schrieb Russell Jones: > Thanks! I did end up finding that configuration. Setting it to false did > fix the issue. > > To be honest, I don't really understand the point of that configuration > option.
Hi, in RHEL-8 SSSD will handle user and groups from /etc/passwd and /etc/group by default as well. Unfortunately there is an issue is groups and members are coming from different domains as in your case (local group, remote users). As a result SSSD can still resolve the local group but not add the corresponding remote members. 'enable_files_domain = false' will switch off the handling of the local files in SSSD and let glibc and the nss modules collect the group members. HTH bye, Sumit > > On Mon, Feb 7, 2022 at 3:13 AM Sumit Bose via FreeIPA-users < > [email protected]> wrote: > > > Am Thu, Jan 27, 2022 at 04:06:19PM -0600 schrieb Russell Jones via > > FreeIPA-users: > > > Hi all, > > > > > > I am very confused on why I am not able to enumerate the group members > > on a > > > centos 8 machine with the above command, but I can on a centos 7 machine. > > > > > > [root@centos8-1 log]# getent group -s sss video > > > video:x:39: > > > > > > [root@centos7-n11 log]# getent group -s sss video > > > video:*:39:<lots of users> > > > > > > Both are configured with the same sssd.conf file, and both have > > "enumerate > > > = True" in the domain section. > > > > > > In addition, if I just do "getent group" without the "-s sss" the group > > and > > > all of its members show up properly on both machines. > > > > > > Super confused here. Thanks in advance for the help! > > > > Hi, > > > > can you try if setting > > > > enable_files_domain = false > > > > in the [sssd] section in sssd.conf on centos 8 helps? > > > > bye, > > Sumit > > > > > _______________________________________________ > > > FreeIPA-users mailing list -- [email protected] > > > To unsubscribe send an email to > > [email protected] > > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > _______________________________________________ > > FreeIPA-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
