SSSD is unable to pull gid from an Active Directory group.

Solution Unverified - Updated -

Issue

  • SSSD is configured to use Kerberos and LDAP.
  • AD admin created a new group for us and populated UNIX attributes with a GID.
  • On Linux client machine we see that sudo is failing with error that user is not in sudoers file, even though we have an include file that set to allow user to execute command via sudo by virtue of being a member of the new group.
  • We are able to do a look up on the group via sssd and net ads search. However the GID field is unavailable when net ads is used and getent does not bring back any results by group name or GID.
  • Is there a range to gid assignment in play here? Is it defined on the client?

Environment

  • Red Hat Enterprise Linux 6.4
  • sssd-1.9.2-82.7.el6_4.x86_64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.