[Freeipa-users] Group membership not populated

Fri Nov 14 14:56:15 UTC 2014

On Fri, Nov 14, 2014 at 12:10:59PM +0000, Darren Poulson wrote:
> Hi,
> 
> I'm currently having an issue where if I log in as a user on a freshly rebooted machine, their group membership is not populated, so things like sudo do not work properly. If I do a getent group <group>, log out and log back in again, then it works properly.
> 
> for example
> 
> -sh-4.1$ groups dpoulson
> dpoulson : dpoulson ops_admins helpdesk
> -sh-4.1$ getent group ops_users
> ops_users:*:50130:dpoulson,anotheruser,andanother,etc

Is ops_users an IPA group that dpoulsen is a member of (or maybe some AD
trust group or a local UNIX group)? 

> -sh-4.1$ groups dpoulson
> dpoulson : dpoulson ops_admins helpdesk ops_users
> -sh-4.1$ groups
> dpoulson ops_admins helpdesk
> 
> <logout/login>
> 
> -sh-4.1$ groups
> dpoulson helpdesk ops_admins ops_users

Taking the missing ops_users group out of the picture, this is expected,
memberships are set on login only.

> 
> (the user is actually meant to be a member of 6 groups)

Can you paste ipa user-show dpoulson?