In Active Directory all users are by default members of the group 513 / Domain Users. But when using SSSD against AD with no Identity Management for Unix Role Service enabled the group name for the group ID 513 is not found. It would be helpful if SSSD would handle this case without the need to add the domain users group to each client's /etc/groups.
For the record, nss-pam-ldapd has related functionality, as described in:
milestone: NEEDS_TRIAGE => SSSD Deferred
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=755471
rhbz: => 0
Putting in needs triage. Seems like it belongs to 1.9.
milestone: SSSD Deferred => NEEDS_TRIAGE
milestone: NEEDS_TRIAGE => SSSD AD Extensions Feature
owner: somebody => sgallagh
We don't plan to special-case the "Domain Users" group. Either the admin needs to add the POSIX attributes, or it needs to be handled by the ID-mapping being done in ticket #996.
resolution: => wontfix
status: new => closed
This use case works now with the AD provider.
type: defect => enhancement
Metadata Update from @myllynen:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD AD Extensions Feature
to comment on this ticket.
Copyright © 2014-2017 Red Hat
3.10.1 — Documentation