In most cases, this configuration parameter’s value is generated automatically by group policy.
If you select the Specify group names to ignore policy and click Enabled, you can type the list of local group names not stored in Active Directory. The list you specify for the group policy is then stored in the /etc/centrifydc/group.ignore file and used to automatically generate the /etc/centrifydc/gid.ignore file. These files are then used to disable looking up account information in Active Directory for the groups specified, which results in faster name lookup service for system group accounts such as tty and disk.
You can, however, define this parameter manually in the configuration file if you are not using group policy or want to temporarily override group policy.
If you manually set this parameter, the parameter value should be one or more group identifiers, separated by a space, or the file: keyword and a file location. For example:
nss.gid.ignore: 0 20 5861 nss.gid.ignore=file:/etc/centrifydc/gid.ignore
A default set of groups to ignore are defined in sample /etc/centrifydc/group.ignore and /etc/centrifydc/gid.ignore files. If you edit either file, be sure to run the adreload command after modifying the file to have the changes take effect.