I have a problem when i join a Centos 7 server on a domain with realmd.
When I join the domain and i want to show user groups i see only SID of Active Directory's groups:
Code: Select all
[root@XXXXXX sssd]# id -a XXXXXX
uid=952202101(XXXX) gid=952200513(domain users) groups=952200513(domain users),295201106(s-1-5-21-1159230774-77703294-3531909426-1106@ieg.fr),295201107(s-1-5-21-1159230774-77703294-3531909426-1107@ieg.fr),952201111(s-1-5-21-4166913631-2348568608-1696987372-1111),952201109(s-1-5-21-4166913631-2348568608-1696987372-1109),952200512(s-1-5-21-4166913631-2348568608-1696987372-512),952201108(s-1-5-21-4166913631-2348568608-1696987372-1108),952200572(s-1-5-21-4166913631-2348568608-1696987372-572)
This is all test i make:</s>Informations:
Release: CentOS Linux release 7.5.1804 (Core)
Kernel: 3.10.0-693.el7.x86_64
SSSD packages:
sssd-client-1.15.2-50.el7.x86_64
sssd-proxy-1.15.2-50.el7.x86_64
sssd-common-pac-1.15.2-50.el7.x86_64
sssd-krb5-common-1.15.2-50.el7.x86_64
sssd-krb5-1.15.2-50.el7.x86_64
sssd-common-1.15.2-50.el7.x86_64
sssd-ad-1.15.2-50.el7.x86_64
sssd-1.15.2-50.el7.x86_64
sssd-ipa-1.15.2-50.el7.x86_64
python-sssdconfig-1.15.2-50.el7.noarch
sssd-ldap-1.15.2-50.el7.x86_64
- Clean SSSD cache (sss_cache -E and rm -rf /var/lib/sss/db/*) and RE-join the domain -> Not OK
- Clean system Cache and sssd cache and Re-join the domaine -> Not OK
- Join the domain as domain Administrator -> Not OK
- Set debug_level to 9 on SSSD configuration, look at on error -> i didn't see specific errors
- Compare configuration in a another server which work (in another plateform) -> Same config files
I attach the anonymized log.
Is a configuration needed on the ad for sssd?Infra:
5 DC in infra:
DC01 & DC04: Domain controller of root.fr
DC02 & DC05: Domain controller of toto.root.fr
DC03: RODC of toto.root.fr
Actually, all DC firewall are disabled
What other tests can I do?