> On Thu, Oct 20, 2016 at 04:46:01PM +1100, Robert Sturrock wrote: > […] > > However, when I try logging in as a student domain user > > (student.example.au), > > I don't see any of the groups (there should be 8): > > > > $ ssh -l rnst student example au ipa-client-rh7.ipa.example.au > > [rnst ipa-client-rh7 ~]$ groups > > rnst > > > > Is this expected behaviour? Is there a possible client configuration that > > will support our AD forest setup or is this simply not possible? > > What you did is quite correct, but unfortunately works only with > RHEL-7.3 or newer as it requires sssd-1.14 or newer, sorry.
I tried the same configuration on FC24, which has sssd-1.14.1-3, but it didn’t work for the student domain either: $ ssh -l r...@student.example.au ipa-client-fc24.ipa.example.au -sh-4.3$ groups rnst Is the version shipping with RHEL7.3 likely to be different? Regards, Robert. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project