My question is about using Puppet to manage RHEL6 users' local group memberships when the users are served from AD using Winbind.
I have RHEL6 x86_64 machines joined to a Windows 2003-level domain using Winbind with Kerberos for auth.
To add a user-type to a local group, it appears that all groups are evaluated and are subsequently "not found" for the winbind-provided groups, which causes managing a user's group properties with the default of attribute_membership of minimum to fail.
Have there been any known work arounds? (I think I'm hitting issue 1583: