In most cases, this configuration parameter’s value is generated automatically by group policy.
If you select the Specify group names to ignore policy and click Enabled, you can type the list of local group names not stored in Active Directory. The list you specify for the group policy is then stored in the /etc/centrifydc/group.ignore file and used to automatically generate the /etc/centrifydc/gid.ignore file. These files are then used to disable looking up account information in Active Directory for the groups specified, which results in faster name lookup service for system group accounts such as tty and disk.
You can, however, set this parameter manually in the configuration file if you aren’t using group policy or want to temporarily override group policy.
If you are manually setting this parameter, the parameter value should be one or more group names, separated by a space, or the file: keyword and a file location. For example:
nss.group.ignore: maintenance apps
nss.group.ignore=file:/etc/centrifydc/group.ignore
A default set of groups to ignore is defined in the sample /etc/centrifydc/group.ignore and /etc/centrifydc/gid.ignore files. If you are not using group policies, you can uncomment the nss.group.ignore parameter in the /etc/centrifydc/centrifydc.conf file to ignore the default set of groups.
Note: If you plan to edit the group.ignore file, be sure to run the adreload command after modifying the file to have the changes take effect.
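Because Active Directory lookups are skipped for every name in the ignore list, it is worth confirming that each listed name really is a local group before you reload. The following check is an added example, not part of the Centrify documentation or tooling; the function name ignored_not_local is hypothetical, and it assumes the ignore file holds one group name per line with optional # comments.

```shell
#!/bin/sh
# Added example: audit a group ignore list against the local group database.
# Assumption: the ignore file has one group name per line; blank lines and
# text after '#' are ignored.

# ignored_not_local IGNORE_FILE GROUP_FILE
# Prints every name in IGNORE_FILE that has no entry in GROUP_FILE
# (GROUP_FILE is in /etc/group format: name is the first colon-separated field).
ignored_not_local() {
    awk -F: '
        # First file argument is the group database: remember each group name.
        FILENAME == ARGV[1] { local_groups[$1] = 1; next }
        # Second file argument is the ignore list.
        {
            name = $0
            sub(/#.*/, "", name)                 # strip trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", name)    # trim surrounding whitespace
            if (name != "" && !(name in local_groups)) print name
        }
    ' "$2" "$1"
}

# Demonstration on constructed sample data (not the shipped Centrify files).
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'tty:x:5:' 'disk:x:6:' > "$demo_dir/group"
printf '%s\n' '# system groups' 'tty' 'disk' 'maintenance' ' apps  # comment' \
    > "$demo_dir/group.ignore"
# maintenance and apps are listed but have no local entry, so they are printed.
ignored_not_local "$demo_dir/group.ignore" "$demo_dir/group"
rm -rf "$demo_dir"
```

On a managed host, call it as ignored_not_local /etc/centrifydc/group.ignore /etc/group, review any names it prints, and then run adreload.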