Percona PAM with AD authentication using SSSD

0 votes
2 answers
1175 views
I have installed the Percona PAM plugin on my Percona server as shown below:

    mysql> show plugins;
    ...
    | auth_pam | ACTIVE | AUTHENTICATION | auth_pam.so | GPL |
    | auth_pam_compat | ACTIVE | AUTHENTICATION | auth_pam_compat.so | GPL |
    +-------------------------------+----------+--------------------+--------------------+---------+

And also have this configured:

    cat /etc/pam.d/mysqld
    auth required pam_sss.so
    account required pam_sss.so

I have a group on the AD server called "dba", and added an AD user 'john.d' to this group. So I would like to log into MySQL using AD users, e.g., john.d, who should also inherit all privileges granted to the "dba" group. Below is how this AD group, "dba", is set up to allow its users to access the Percona server:

    CREATE USER ''@'' IDENTIFIED WITH auth_pam AS 'mysqld,dba=dbarole';
    CREATE USER 'dbarole'@'%' IDENTIFIED BY 'dbapass';
    GRANT ALL PRIVILEGES ON *.* TO 'dbarole'@'%';
    GRANT PROXY ON 'dbarole'@'%' TO ''@'';

When I log into MySQL as dbarole, everything works well with all granted privileges. But when I log in as john.d, one of the AD users included in the "dba" AD group, this user does not inherit the privileges (ALL) granted to its group, but only has the USAGE privilege as shown below:

    mysql> show grants;
    +-----------------------------------+
    | Grants for @                      |
    +-----------------------------------+
    | GRANT USAGE ON *.* TO ''@''       |
    | GRANT PROXY ON 'dba'@'%' TO ''@'' |
    +-----------------------------------+
    2 rows in set (0.00 sec)

    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    +--------------------+
    1 row in set (0.01 sec)

My question is, how can I get an AD user to inherit privileges granted to their group in MySQL?
Asked by The Georgia (343 rep)
Dec 24, 2018, 02:57 AM
Last activity: Jul 3, 2024, 11:59 AM
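
A diagnostic for the group mapping in the question, added here as an example; it is not part of the original post and not Percona's code. It lists the group names NSS (and so SSSD) returns for a login on the database host and evaluates them against the `'mysqld,dba=dbarole'` authentication string. The function names are hypothetical, and the matching rule (exact, case-sensitive group names, first mapped group wins) is an assumption of this model.

```python
# Added example: simplified model of the auth_pam "group=user" mapping.
# Assumption: group names match exactly and the first mapped group wins.
import grp
import os
import pwd
import sys

AUTH_STRING = "mysqld,dba=dbarole"  # from the CREATE USER statement above


def parse_auth_string(auth_string):
    """Split 'service,group=user,...' into (pam_service, {group: mysql_user})."""
    service, *pairs = [part.strip() for part in auth_string.split(",")]
    mapping = {}
    for pair in pairs:
        group, sep, mysql_user = (s.strip() for s in pair.partition("="))
        if not sep or not group or not mysql_user:
            raise ValueError(f"malformed mapping entry: {pair!r}")
        mapping[group] = mysql_user
    return service, mapping


def map_proxy_user(auth_string, os_groups):
    """Return the MySQL account the login would be proxied to, or None."""
    _, mapping = parse_auth_string(auth_string)
    for group in os_groups:
        if group in mapping:
            return mapping[group]
    return None


def nss_groups(username):
    """Group names for username exactly as NSS (and so SSSD) reports them."""
    entry = pwd.getpwnam(username)  # KeyError if NSS cannot resolve the user
    names = []
    for gid in os.getgrouplist(username, entry.pw_gid):
        try:
            names.append(grp.getgrgid(gid).gr_name)
        except KeyError:
            names.append(str(gid))  # gid with no resolvable name
    return names


if __name__ == "__main__":
    user = sys.argv[1] if len(sys.argv) > 1 else "john.d"
    groups = nss_groups(user)
    print(f"{user}: groups={groups} -> {map_proxy_user(AUTH_STRING, groups)}")
```

Inside MySQL, running `SELECT USER(), CURRENT_USER(), @@proxy_user;` as john.d shows whether the session was actually proxied to another account.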