> I would start with comparing logs for a 'working' and a 'non-working'
> client. The config looks OK to me and in general the plain LDAP provider
> should only ever generate the gidNumber value if
> ldap_auto_private_groups is set to True
>
Thanks for answer! There was a local user with same
I have setup with 3 clients and server. Server runs samba as AD and ldap +
kerberos. Clients use sss: 1) fedora with 2.0.0, 2) centos with 1.16.0 and 3)
centos with 1.16.2. All clients use 1:1 sssd.conf. I want sss to use primary
group id from gidNumber record in ldap and I have no issues with