Description of problem: When a system is an AD member, configured for the Active Directory Test Day for Fedora 18[1], I can log into the system with an AD account, so the username is resolved. The name of the primary group of the user, however ('Domain Users') is not resolved. Version-Release number of selected component (if applicable): 1.9.2-1.fc18 How reproducible: Steps to Reproduce: 1. Join a system to an AD domain, like for the FTD, see [1] 2. Log in as a user from AD 3. Try and resolve groups Actual results: Output of id is like this: $ id uid=592801111(NONTOONYT\testuser03) gid=592800513 groups=592800513 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Expected results: Output of id to be like this: $ id uid=1001(localuser) gid=1002(localuser) groups=1002(localuser),1001(localgroup) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Additional info: [1] https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_realmd_join_sssd
Not just about primary group: [root@f18-client db]# sss_cache -U -G [root@f18-client db]# id NONTOONYT\\testuser02 uid=592801110(NONTOONYT\testuser02) gid=592800513 groups=592800513,592801132,592801133
My primary group name is resolved, but others not: uid=535601104(RADI08\swalter) gid=535600513(RADI08\domain users) groups=535600513(RADI08\domain users),535600512,535600572 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
I see the same as Maxim, no group is resolved. [root@pclin282 ~]# sss_cache -U -G [root@pclin282 ~]# id TUE\\shoop uid=1579415011(TUE\shoop) gid=1579400513 groups=1579400513,1579473836,1579538705,1579448448,1579553386,1579428775,1579437677,1579429452,1579448447,1579583761,1579422111,1579423170,1579432939,1579400520,1579430980,1579422100,1579499949,1579567116,1579476603,1579431050,1579560682,1579402481
(In reply to comment #2) > My primary group name is resolved, but others not: > > uid=535601104(RADI08\swalter) gid=535600513(RADI08\domain users) > groups=535600513(RADI08\domain users),535600512,535600572 > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 On a later login on the same machine (no reboots or anything) the primary group is no longer resolved: id: cannot find name for group ID 535600513 [RADI08\swalter@live-user ~]$ id uid=535601104(RADI08\swalter) gid=535600513 groups=535600513,535600512,535600572 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Please include debug_level=10 into the [nss] and [domain/$name] sections of the SSSD, restart the SSSD and then attach the contents of /var/log/sssd/ Thank you!
Created attachment 629776 [details] sssd logs that were requested. I logged in as RADI08\swalter. In this case the primary group resolved, but not secondary groups. I then restarted sssd. Next I logged in as RADI08\fry. No groups resolved. uid=535601115(RADI08\fry) gid=535600513 groups=535600513,535601127,535601128 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Next I logged in again as RADI08\swalter. No groups resolved for swalter this time. uid=535601104(RADI08\swalter) gid=535600513 groups=535600513,535600512,535600572 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Upstream ticket: https://fedorahosted.org/sssd/ticket/1590
sssd-1.9.2-3.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/sssd-1.9.2-3.fc18
Package sssd-1.9.2-3.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing sssd-1.9.2-3.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-17359/sssd-1.9.2-3.fc18 then log in and leave karma (feedback).
sssd-1.9.2-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.