IPA POSIX groups are occasionally missing but AD groups are still visible
Issue
- Logins and sudo actions relying on the IPA groups to be available randomly fail.
- the groups defined in IPA are not visible, but the AD groups are still listed.
Environment
- Red Hat Enterprise Linux 7
- SSSD specifically at version
sssd-1.16.5-10.el7_9.7
- SSSD specifically at version
- Red Hat Enterprise Linux 8
sssd-2.4.0-4.el8
- IPA/AD configuration:
- IPA server with trust relationship with Active Directory
- AD domains are checked first in the domain resolution order
- Effected user is a member of an IPA external group and an IPA POSIX group.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.