SSSD-1.15.2-50 get only SID not the name of groups

Issues related to applications and software problems
Post Reply
Sideris
Posts: 3
Joined: 2018/11/08 10:00:49

SSSD-1.15.2-50 get only SID not the name of groups

Post by Sideris » 2018/11/08 10:43:37

Hi everybody,

I have a problem when i join a Centos 7 server on a domain with realmd.
When I join the domain and i want to show user groups i see only SID of Active Directory's groups:

Code: Select all

[root@XXXXXX sssd]# id -a XXXXXX
uid=952202101(XXXX) gid=952200513(domain users) groups=952200513(domain users),295201106(s-1-5-21-1159230774-77703294-3531909426-1106@ieg.fr),295201107(s-1-5-21-1159230774-77703294-3531909426-1107@ieg.fr),952201111(s-1-5-21-4166913631-2348568608-1696987372-1111),952201109(s-1-5-21-4166913631-2348568608-1696987372-1109),952200512(s-1-5-21-4166913631-2348568608-1696987372-512),952201108(s-1-5-21-4166913631-2348568608-1696987372-1108),952200572(s-1-5-21-4166913631-2348568608-1696987372-572)
</s>Informations:
Release: CentOS Linux release 7.5.1804 (Core)
Kernel: 3.10.0-693.el7.x86_64

SSSD packages:
sssd-client-1.15.2-50.el7.x86_64
sssd-proxy-1.15.2-50.el7.x86_64
sssd-common-pac-1.15.2-50.el7.x86_64
sssd-krb5-common-1.15.2-50.el7.x86_64
sssd-krb5-1.15.2-50.el7.x86_64
sssd-common-1.15.2-50.el7.x86_64
sssd-ad-1.15.2-50.el7.x86_64
sssd-1.15.2-50.el7.x86_64
sssd-ipa-1.15.2-50.el7.x86_64
python-sssdconfig-1.15.2-50.el7.noarch
sssd-ldap-1.15.2-50.el7.x86_64
This is all test i make:
- Clean SSSD cache (sss_cache -E and rm -rf /var/lib/sss/db/*) and RE-join the domain -> Not OK
- Clean system Cache and sssd cache and Re-join the domaine -> Not OK
- Join the domain as domain Administrator -> Not OK
- Set debug_level to 9 on SSSD configuration, look at on error -> i didn't see specific errors
- Compare configuration in a another server which work (in another plateform) -> Same config files

I attach the anonymized log.
Infra:
5 DC in infra:
DC01 & DC04: Domain controller of root.fr
DC02 & DC05: Domain controller of toto.root.fr
DC03: RODC of toto.root.fr
Is a configuration needed on the ad for sssd?
Actually, all DC firewall are disabled
What other tests can I do?
Attachments
sssd_toto.root.fr.7z
Log SSSD mod debug level 9
(182.03 KiB) Downloaded 35 times

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SSSD-1.15.2-50 get only SID not the name of groups

Post by TrevorH » 2018/11/08 11:54:09

Start by updating to CentOS 7.5. Your sssd packages are all 7.4 ones. 7.5 uses sssd 1.16.0-19.el7_5.8 not 1.15.2-50.el7 through 1.15.2-50.el7_4.11 which were all 7.4 versions. You should run yum update to get everything up to date.

7.6 is just around the corner.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Sideris
Posts: 3
Joined: 2018/11/08 10:00:49

Re: SSSD-1.15.2-50 get only SID not the name of groups

Post by Sideris » 2018/11/09 07:51:31

Hi,

Thanks for the reply, i forgot to mention this requirement, I'm in an offline Production.
All recents packages available in our yum repo are installed.

And in another infrastruture, it's works with the same packages. I compare both machine of each infra, nothing change.

Regards,

Post Reply