Implemented AD/KRB/SSSD with both RH6 and RH7. RH7 no issues, as we are using auto_private_groups that was added to 1.16.1.
In RH6 the issue ( sssd 1.13 ) is, that all users getting the same groups and it is a clear security gap. The only way to avoid this, based on the KB articles, is to use AD posix attributes. If we don't waht to use this setup, is there any other recommended way ? The example of user/group representation, where all users getting the same gid=273200513(domain users) : id username uid=2755191114(ncircle) gid=273200513(domain users) groups=273200513(domain users) _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org