Hi, I had an issue with group membership being stuck, I had some AD users in an external group which I had then added to the Admin group but when I removed this external group the users retained their Admin group even after deleting the SSSD cache completely on the server/client and restarting SSD, IPA etc and even after leaving it for a few weeks while I vacationed.
I took a look in LDAP and could not see any membership of the group except for the Admin user. On a whim I removed the ipaNTSecurityIdentifier and the ipaNTGroupAttrs attribute from the Admin group and then re-added it exactly as it was and found that the problem was solved however I'm struggling to understand how that could be? I would like to understand how that would fix anything? It seems like it would be completely unrelated. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
