Red Hat Bugzilla – Bug 871576
sssd does not resolve group names from AD
Last modified: 2013-02-21 04:39:17 EST
+++ This bug was initially created as a clone of Bug #867874 +++

Description of problem:
When a system is an AD member, configured for the Active Directory Test Day for Fedora 18[1], I can log into the system with an AD account, so the username is resolved. The name of the primary group of the user, however ('Domain Users') is not resolved.

Version-Release number of selected component (if applicable):
1.9.2-1.fc18

How reproducible:

Steps to Reproduce:
1. Join a system to an AD domain, like for the FTD, see [1]
2. Log in as a user from AD
3. Try and resolve groups

Actual results:
Output of id is like this:

$ id
uid=592801111(NONTOONYT\testuser03) gid=592800513 groups=592800513 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Expected results:
Output of id to be like this:

$ id
uid=1001(localuser) gid=1002(localuser) groups=1002(localuser),1001(localgroup) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Additional info:
[1] https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_realmd_join_sssd

--- Additional comment from maxim@wzzrd.com on 2012-10-18 09:43:34 EDT ---

Not just about primary group:

[root@f18-client db]# sss_cache -U -G
[root@f18-client db]# id NONTOONYT\\testuser02
uid=592801110(NONTOONYT\testuser02) gid=592800513 groups=592800513,592801132,592801133

--- Additional comment from stefw@redhat.com on 2012-10-18 10:16:27 EDT ---

My primary group name is resolved, but others not:

uid=535601104(RADI08\swalter) gid=535600513(RADI08\domain users) groups=535600513(RADI08\domain users),535600512,535600572 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

--- Additional comment from stijn@sandcat.nl on 2012-10-18 10:20:47 EDT ---

I see the same as Maxim, no group is resolved.

[root@pclin282 ~]# sss_cache -U -G
[root@pclin282 ~]# id TUE\\shoop
uid=1579415011(TUE\shoop) gid=1579400513 groups=1579400513,1579473836,1579538705,1579448448,1579553386,1579428775,1579437677,1579429452,1579448447,1579583761,1579422111,1579423170,1579432939,1579400520,1579430980,1579422100,1579499949,1579567116,1579476603,1579431050,1579560682,1579402481

--- Additional comment from stefw@redhat.com on 2012-10-18 10:57:24 EDT ---

(In reply to comment #2)
> My primary group name is resolved, but others not:
>
> uid=535601104(RADI08\swalter) gid=535600513(RADI08\domain users)
> groups=535600513(RADI08\domain users),535600512,535600572
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

On a later login on the same machine (no reboots or anything) the primary group is no longer resolved:

id: cannot find name for group ID 535600513
[RADI08\swalter@live-user ~]$ id
uid=535601104(RADI08\swalter) gid=535600513 groups=535600513,535600512,535600572 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

--- Additional comment from jhrozek@redhat.com on 2012-10-18 11:15:42 EDT ---

Please include debug_level=10 into the [nss] and [domain/$name] sections of the SSSD, restart the SSSD and then attach the contents of /var/log/sssd/

Thank you!

--- Additional comment from stefw@redhat.com on 2012-10-19 01:47:50 EDT ---

Created attachment 629776 [details]
sssd logs that were requested.

I logged in as RADI08\swalter. In this case the primary group resolved, but not secondary groups.

I then restarted sssd.

Next I logged in as RADI08\fry. No groups resolved.

uid=535601115(RADI08\fry) gid=535600513 groups=535600513,535601127,535601128 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Next I logged in again as RADI08\swalter. No groups resolved for swalter this time.

uid=535601104(RADI08\swalter) gid=535600513 groups=535600513,535600512,535600572 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

--- Additional comment from dpal@redhat.com on 2012-10-19 08:59:19 EDT ---

Upstream ticket:
https://fedorahosted.org/sssd/ticket/1590
Upstream has a patch. This would break the AD provider if not fixed in RHEL-6.4.0
*** Bug 869336 has been marked as a duplicate of this bug. ***
*** Bug 873143 has been marked as a duplicate of this bug. ***
Verified.

Version :: sssd-1.9.2-7.el6.x86_64

Manual Test Results:

[root@rhel6-1 yum.local.d]# ssh -l adtestuser1@adtestdom.com rhel6-1
adtestuser1@adtestdom.com@rhel6-1's password:
Last login: Wed Nov 7 13:10:55 2012 from rhel6-1.testrelm.com
-sh-4.1$ id
uid=1232801136(adtestuser1@adtestdom.com) gid=1232801136(adtestuser1@adtestdom.com) groups=1232801136(adtestuser1@adtestdom.com),1606000004(adtestdom_adtestgroup1) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0508.html