So I recently ran into an issue where we had the following setup:
- Active Directory Domain
- Realm joined RHEL 7 Hosts
- A requirement for UNIX Attributes set in AD
- sshd_config AllowGroups restrictions
However, the RHEL 7 hosts were not able to display secondary/supplementary groups in AD when running id and thus, AllowGroups in sshd was failing.