On Mon, 2022-08-08 at 12:01 -0400, Ranbir via FreeIPA-users wrote:
> It's the CentOS 7 client that's also reporting not being able to find
> the name for the admin group ID.

After a lot of testing, I've narrowed the problem down to when I use ID Views. As soon as I've applied an ID View on a server for a user that changes that user's UID, the group ID error rears its ugly head. I managed to replicate the same behaviour on Ubuntu 18, Ubuntu 22, CentOS 7, Rocky Linux 8 and AlmaLinux 9.

I haven't seen this issue in older releases of freeipa/IdM and I don't believe I've made any configuration mistakes.

Here's what the general sssd.conf looks like on the clients:

[domain/idm.tld.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = idm.tld.com
ipa_server = _srv_, derpmaster01.idm.tld.com
ipa_hostname = derpclient01.idm.tld.com
id_provider = ipa
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ldap_sudo_full_refresh_interval = 10800
ldap_sudo_smart_refresh_interval = 450
entry_cache_timeout = 3600
entry_cache_sudo_timeout = 900
refresh_expired_interval = 2700

[domain/idm.tld.com/corp.ad.tld.com]
ad_site = site1

[sssd]
services = nss, sudo, pam, ssh
domains = idm.tld.com

[nss]
entry_cache_nowait_percentage = 75
default_shell = /bin/bash

[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
[session_recording]

Here's the sssd.conf config on the masters:

[domain/idm.tld.com]
id_provider = ipa
ipa_server_mode = True
ipa_server = derpmaster03.idm.tld.com
ipa_domain = idm.tld.com
ipa_hostname = derpmaster03.idm.tld.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
krb5_store_password_if_offline = True
ldap_tls_cacert = /etc/ipa/ca.crt
subdomain_homedir = /folk/%u
sudo_provider = ipa
autofs_provider = ipa
subdomains_provider = ipa
session_provider = ipa
hostid_provider = ipa

[domain/idm.tld.com/corp.ad.tld.com]
ad_site = site2

[domain/corp.ad.tld.com]
ignore_group_members = True
subdomain_inherit = ignore_group_members

[sssd]
services = nss, pam, ssh, sudo, ifp
domains = idm.tld.com

[nss]
homedir_substring = /home
memcache_timeout = 600

[pam]
[sudo]
[autofs]
[ssh]
[pac]

[ifp]
allowed_uids = ipaapi, root

[session_recording]

Am I doing something incorrectly?

--
Ranbir
