IPA POSIX groups are occasionally missing but AD groups are still visible

Solution Verified - Updated -

Issue

  • Logins and sudo actions relying on the IPA groups to be available randomly fail.
  • the groups defined in IPA are not visible, but the AD groups are still listed.

Environment

  • Red Hat Enterprise Linux 7
    • SSSD specifically at version sssd-1.16.5-10.el7_9.7
  • Red Hat Enterprise Linux 8
    • sssd-2.4.0-4.el8
  • IPA/AD configuration:
    • IPA server with trust relationship with Active Directory
    • AD domains are checked first in the domain resolution order
    • Effected user is a member of an IPA external group and an IPA POSIX group.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content