#1666 IPA Trust does not show secondary groups for AD Users for commands like id and getent
Closed: Fixed None Opened 10 years ago by pbrezina.

https://bugzilla.redhat.com/show_bug.cgi?id=878583 (Red Hat Enterprise Linux 6)

Description of problem:
With IPA Trust environment, AD User secondary group membership is not shown by
commands like id and getent.  Only the primary (mapped) private user group is


On the AD side, "testuser" is a member of "Domain Users" and "testgroup"
groups. However, this does not reflect when `id` is run against "testuser":

[root@ipaserver1 ~]# su - testuser@ad.example.com
-sh-4.1$ id
uid=238801108(testuser@ad.example.com) gid=238801108(testuser@ad.example.com)

The groups exist:

[root@ipaserver1 ~]# getent group AD\\testgroup
[root@ipaserver1 ~]# getent group AD\\'Domain Users'
domain users@ad.example.com:*:238800513:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Setup IPA Server
2.  Setup AD Server, add 2 groups, add user, add user to 2 new groups
3.  ipa-adtrust-install
4.  ipa trust-add <addomain> --admin Administrator --password
5.  id <aduser@addomain>

Actual results:
Does not show secondary AD Groups.

Expected results:
Shows all AD Groups?

Additional info:

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => sbose
status: new => assigned
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.4

Fields changed

patch: 0 => 1

The ticket was fixed in the same patchset as ticket #1672. The patches were:

resolution: => fixed
selected: =>
status: assigned => closed

Metadata Update from @pbrezina:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.4

6 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2708

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.