All,
For RHEL7 and RHEL8 sssd, it can see domain-local AD groups (from the local domain) + global groups (from the local domain) + universal groups (from all trusted domains).
Yet it cannot see global groups from non-local trusted domains. We have those team convert the group to universal groups and problem solved. (don't use many global groups anyway),
Is this expected behaviour?
in the /etc/sssd/sssd.conf file, the local domain is defined and then the other trusted domains are auto-discovered. so that it's searching the GC to find universal group memberships. I mention the trusted domains in "domain_resolution_order".
Like I say -- this is not a big problem. We rarely use global groups anyway. Just curious if this is expected behaviour.
Spike
sssd-users@lists.fedorahosted.org