<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
What does <br>
<br>
getent group ose-developers <br>
getent group 889000002<br>
<br>
on the ipa client show? the client sssd nss and domain logs will log
any relevant errors.<br>
<br>
Jatin<br>
<br>
<div class="moz-cite-prefix">On 25/07/14 13:22, Mark Heslin wrote:<br>
</div>
<blockquote cite="mid:53D1CD85.6080209@redhat.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Happy Friday,<br>
<br>
I'm getting this message on login to an IPA client and not sure
why:<br>
<br>
$ ssh -Y -l <b>ose-dev1</b> rhc1.interop.example.com<br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:ose-dev1@rhc1.interop.example.com">ose-dev1@rhc1.interop.example.com</a>'s
password: <br>
Last login: Thu Jul 24 19:46:46 2014 from
rhc1.interop.example.com<br>
Kickstarted on 2013-12-11<br>
<b>id: cannot find name for group ID 889000002</b> <---
???<br>
<br>
The group and account were created about 2 months ago on an IdM
(RHEL 7) server as follows:<br>
<br>
<meta http-equiv="CONTENT-TYPE" content="text/html;
charset=ISO-8859-1">
<title></title>
<meta name="GENERATOR" content="LibreOffice 4.1.6.2 (Linux)">
<style type="text/css">
<!--
@page { margin: 0.79in }
P { margin-bottom: 0.08in }
A:link { so-language: zxx }
-->
</style>#<b> ipa group-add ose-developers --desc="OpenShift Developers"
--gid=889000002 </b><br>
---------------------------- <br>
Added group "ose-developers" <br>
---------------------------- <br>
Group name: ose-developers <br>
Description: OpenShift Developers <br>
<b> GID: 889000002</b> <br>
<br>
#<b> ipa user-add ose-dev1 --first="OSE" --last="Dev 1"
--displayname="OpenShift Developer 1"
--homedir="/home/ose-dev1" --shell="/bin/bash" </b><b><br>
</b><b> </b><b>--uid=889000002 --gidnumber=889000002
--password </b><br>
Password: *******<br>
Enter Password again to verify: <br>
--------------------- <br>
Added user "ose-dev1" <br>
--------------------- <br>
User login: ose-dev1 <br>
First name: OSE <br>
Last name: Dev 1 <br>
Full name: OSE Dev 1 <br>
Display name: OpenShift Developer 1 <br>
Initials: OD <br>
Home directory: /home/ose-dev1 <br>
GECOS: OSE Dev 1 <br>
Login shell: /bin/bash <br>
Kerberos principal: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:ose-dev1@INTEROP.EXAMPLE.COM">ose-dev1@INTEROP.EXAMPLE.COM</a>
<br>
Email address: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:ose-dev1@interop.example.com">ose-dev1@interop.example.com</a>
<br>
UID: 889000002 <br>
<b>GID: 889000002 </b><br>
Password: True <br>
Member of groups: ipausers <br>
Kerberos keys available: True <br>
<br>
On the IdM server, when I run 'group-show', 'group-find' I get:<br>
<br>
<meta http-equiv="CONTENT-TYPE" content="text/html;
charset=ISO-8859-1">
<title></title>
<meta name="GENERATOR" content="LibreOffice 4.1.6.2 (Linux)">
<style type="text/css">
<!--
@page { margin: 0.79in }
P { margin-bottom: 0.08in }
A:link { so-language: zxx }
-->
</style># ipa group-show ose-developers <br>
Group name:<b> ose-developers </b><br>
Description: OpenShift Developers <br>
<b>GID: 889000002 </b><br>
<br>
# ipa group-find ose-developers<br>
---------------<br>
1 group matched<br>
---------------<br>
Group name:<b> ose-developers</b><br>
Description: OpenShift Developers<br>
<b> GID: 889000002</b><br>
----------------------------<br>
Number of entries returned 1<br>
----------------------------<br>
<br>
and 'user-show' returns:<br>
<br>
# ipa user-show ose-dev1<br>
User login: ose-dev1<br>
First name: OSE<br>
Last name: Dev 1<br>
Home directory: /home/ose-dev1<br>
Login shell: /bin/bash<br>
Email address: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:ose-dev1@interop.example.com">ose-dev1@interop.example.com</a><br>
UID: 889000002<br>
<b> GID: 889000002</b><br>
Account disabled: False<br>
Password: True<br>
Member of groups: ipausers<br>
Kerberos keys available: True<br>
<br>
so clearly the groups, user entries are correct in IdM. On first
login, the homedir<br>
is created but the group name is not resolved:<br>
<br>
$ pwd<br>
/home/ose-dev1<br>
[ose-dev1@xrhc1 ~]$ ls -lad .<br>
drwxr-xr-x. 3 ose-dev1 <b>889000002</b> 4096 Jul 24 19:51 .<br>
$ id<br>
uid=889000002(ose-dev1) <b>gid=889000002</b> groups=889000002
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023<br>
<br>
Is there some other client side lookup issue that is causing this?
Why doesn't <b>gid=889000002</b> map to (<b>ose-developers</b>)?<br>
<br>
Thanks!<br>
<br>
-m<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
Red Hat Reference Architectures
Follow Us: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://twitter.com/RedHatRefArch">https://twitter.com/RedHatRefArch</a>
Plus Us: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://plus.google.com/u/0/b/114152126783830728030/">https://plus.google.com/u/0/b/114152126783830728030/</a>
Like Us: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.facebook.com/rhrefarch">https://www.facebook.com/rhrefarch</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>