[Freeipa-users] Group membership not populated
Jakub Hrozek
jhrozek at redhat.com
Fri Nov 14 14:56:15 UTC 2014
On Fri, Nov 14, 2014 at 12:10:59PM +0000, Darren Poulson wrote:
> Hi,
>
> I'm currently having an issue where if I log in as a user on a freshly rebooted machine, their group membership is not populated, so things like sudo do not work properly. If I do a getent group <group>, log out and log back in again, then it works properly.
>
> for example
>
> -sh-4.1$ groups dpoulson
> dpoulson : dpoulson ops_admins helpdesk
> -sh-4.1$ getent group ops_users
> ops_users:*:50130:dpoulson,anotheruser,andanother,etc
Is ops_users an IPA group that dpoulsen is a member of (or maybe some AD
trust group or a local UNIX group)?
> -sh-4.1$ groups dpoulson
> dpoulson : dpoulson ops_admins helpdesk ops_users
> -sh-4.1$ groups
> dpoulson ops_admins helpdesk
>
> <logout/login>
>
> -sh-4.1$ groups
> dpoulson helpdesk ops_admins ops_users
Taking the missing ops_users group out of the picture, this is expected,
memberships are set on login only.
>
> (the user is actually meant to be a member of 6 groups)
Can you paste ipa user-show dpoulson?
More information about the Freeipa-users
mailing list