Closed kragebein closed 4 months ago
Hi,
can you try to add
ldap_ignore_unreadable_references = True
to the [domain/...] section of sssd.conf on the host with issues and try again?
HTH
bye, Sumit
Surprisingly this worked. I was sure I have tested this, but now after clearing the cache this seems to be working. Thanks for the quick reply.
I'm having an issue where newer versions of SSSD are failing to look up and map AD groups. Instead of group names, we're returned SIDs of the group.
I have two servers, server A [Ubuntu 24.04, SSSD 2.9.4] and server B [Ubuntu 22.04, SSSD 2.6.3]. Server B doesn't have this issue, whereas server A has it. Double checked this with Ubuntu 23.10, but forgot to check SSSD version on that, but the problem exists on Ubuntu 23.10 as well.
For example, the below is generated using:
id <username> | sed 's/,/\n/g' | sort
In total there are 93 groups, but on sssd 2.9.4, 38 of them return with SID instead of group name. The groups themselves are set up in exactly the same way. Similar attributes, security etc. There is nesting, but not deep enough to cause issues.
Above, I've attached logs from sssd (using sssctl analyze request show <id>). These logs represent me trying to look up a group via:
getent group sys_servers_remote
It works just fine on Ubuntu 22.04, but returns nothing on Ubuntu 24.04.
Meanwhile, sssd config, nss and krb
The configs above are identical on both servers. They are created using packer, and configured via salt. So they should be identical in all ways that matter with the exception of hostnames and IPs.
So any help or suggestions as to what might be the cause of this, or how to fix it, are greatly appreciated.
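
A check for the symptom reported in this thread, as an added example that is not part of the original posts or of SSSD: it reads `id` output and lists the groups whose name came back as a raw SID, so the count can be compared between hosts or before and after changing sssd.conf and clearing the cache. It assumes unresolved groups show the SID string in the name position; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find groups in `id` output that were returned as a SID
# instead of a group name.

# Constructed sample of `id <username>` output; users, GIDs and SIDs are made up.
SAMPLE_ID_OUTPUT='uid=10001(jdoe) gid=10513(domain users) groups=10513(domain users),11201(sys_servers_remote),11307(S-1-5-21-1111111111-2222222222-3333333333-1307),11422(S-1-5-21-1111111111-2222222222-3333333333-1422)'

# Reads `id` output on stdin and prints "GID SID" for every group entry
# whose name is a SID string (S-1-<authority>-<sub-authorities...>).
unresolved_sid_groups() {
    # Keep only the supplementary group list, one "gid(name)" entry per line.
    # Splitting on commas is safe for names that contain spaces.
    sed -n 's/.* groups=//p' | tr ',' '\n' |
    awk 'match($0, /\(S-1-[0-9]+(-[0-9]+)+\)$/) {
        gid = substr($0, 1, RSTART - 1)           # digits before "("
        sid = substr($0, RSTART + 1, RLENGTH - 2) # text between "(" and ")"
        print gid, sid
    }'
}

# Reads `id` output on stdin and prints the number of unresolved groups.
count_unresolved() {
    unresolved_sid_groups | wc -l | tr -d ' '
}

# Demonstration on the constructed sample. On a live host, pipe real output:
#   id <username> | unresolved_sid_groups
printf '%s\n' "$SAMPLE_ID_OUTPUT" | unresolved_sid_groups
printf 'unresolved groups: %s\n' \
    "$(printf '%s\n' "$SAMPLE_ID_OUTPUT" | count_unresolved)"
```
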