SSSD, AD UNIX Attributes, and SSH AllowGroups

So  I recently ran into an issue where we had the following setup:

  • Active Directory Domain
  • Realm joined RHEL 7 Hosts
  • A requirement for UNIX Attributes set in AD
  • sshd_config AllowGroups restrictions

However, the RHEL 7 hosts were not able to display  secondary/supplementary groups in AD when running id and thus, AllowGroups in sshd was failing.

Continue reading “SSSD, AD UNIX Attributes, and SSH AllowGroups”