Why is sssd failing to assign uid and gid to some of the users from Active Directory in Red Hat Enterprise Linux?

Solution Verified - Updated -

Issue

  • Some users from Active Directory Server are able to get their uid and gid, other users are not. Thus they are not able to log in to the Red Hat Enterprise Linux system. After raising debug level in /etc/sssd/sssd.conf , I'm observing following errors in sssd's domain log file:
[sdap_idmap_sid_to_unix] (0x0080): Could not convert objectSID [S-1-5-21-1801674531-2052111302-2146921017-755555] to a UNIX ID
(Mon Dec 30 15:26:27 2013) [sssd[be[server.example.com]]] [sdap_save_user] (0x0040): Failed to save user [username]

or

[sdap_idmap_sid_to_unix] (0x0040): Object SID [S-1-5-21-1801674531-2052111302-2146921017-755555] has a RID that is larger than the ldap_idmap_range_size. See the "ID MAPPING" section of sssd-ad(5) for an explanation of how to resolve this issue.

Environment

  • Red Hat Enterprise Linux 6.x
  • Red Hat Enterprise Linux 7.x
  • IPA - Active Directory Trust
  • Direct AD Integration (id_provider=ad)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In