[Freeipa-users] Fedora 16 client not getting group names

Stephen Gallagher sgallagh at redhat.com
Fri Jan 27 18:17:51 UTC 2012


On Fri, 2012-01-27 at 17:57 +0100, Jakub Hrozek wrote:
> On Fri, Jan 27, 2012 at 11:47:01AM -0500, Dan Scott wrote:
> > Hi,
> > 
> > On Fri, Jan 27, 2012 at 10:48, Stephen Gallagher <sgallagh at redhat.com> wrote:
> > > On Fri, 2012-01-27 at 10:36 -0500, Dan Scott wrote:
> > >> Hi,
> > >>
> > >> I have a Fedora 16 client running sssd-client-1.6.4-1.fc16.x86_64.
> > >>
> > >> When I run, e.g. id djscott, I do not get the names of the groups:
> > >>
> > >> -bash-4.2$ id djscott
> > >> uid=768(djscott) gid=1002(legacy-group)
> > >> groups=1002(legacy-group),1134,1130,1118,1103,1108,1113,789600001(ipausers),1102,1109,1129,1111
> > >>
> > >> Is this because they have low GIDs? (These were migrated over from my
> > >> old FreeIPA 1 installation and I'd rather not re-number them all).
> > >>
> > >> Can someone help me to figure out how to retrieve the group names?
> > >> This is working fine on the Fedora 15 clients (sssd-1.5.x).
> > >
> > >
> > > This looks to me like you didn't migrate all of the groups. GID 1002 and
> > > 789600001 are both reporting the names correctly, so clearly the client
> > > is able to access the FreeIPA server and retrieve groups.
> > 
> > It's working fine with Fedora 15 clients, so I think that the groups
> > were migrated OK.
> > 
> > > Please try the following and report the results:
> > >
> > > getent group 1134
> > >
> > > and also
> > > getent group <groupname>
> > >
> > > where <groupname> is the name that is SUPPOSED to match GID 1134.
> > 
> > I've just realised that once I've manually looked up the group using
> > the name, the id command is 'fixed':
> > 
> > [root@newton ~]# getent group 1134
> > [root@newton ~]# getent group svn-wfdb-swig-matlab
> > svn-wfdb-swig-matlab:*:1134:ikaro,djscott
> > [root@newton ~]# getent group 1134
> > svn-wfdb-swig-matlab:*:1134:ikaro,djscott
> > [root@newton ~]# id djscott
> > uid=768(djscott) gid=1002(legacy-group)
> > groups=1002(legacy-group),1134(svn-wfdb-swig-matlab),1130,1118,1103,1108,1113,789600001(ipausers),1102,1109,1129,1111
> > 
> > The initial getent returned no data. But the group info seems OK once
> > I've done one lookup.
> > 
> 
> That's weird, id runs getgrgid() on each of the returned group GIDs
> 

I know what's going on here. It was a stupid glibc screw-up in Fedora
16. Remove the line starting with "initgroups: " from
your /etc/nsswitch.conf file.

See https://bugzilla.redhat.com/show_bug.cgi?id=751450 for more details.
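
A small check for the condition described in the reply above, as an added example that is not part of the original thread: it lists the GIDs that `id` prints without a name and reports whether an nsswitch.conf has an active `initgroups:` line. The function names and verdict strings are assumptions of this example, and it assumes group names contain no spaces.

```shell
#!/bin/sh
# Added example (not from the thread): flag the Fedora 16 symptom discussed above.

# `id` output quoted in the thread, joined onto one line as the shell prints it.
SAMPLE_ID='uid=768(djscott) gid=1002(legacy-group) groups=1002(legacy-group),1134,1130,1118,1103,1108,1113,789600001(ipausers),1102,1109,1129,1111'

# Read `id` output on stdin; print each supplementary GID that has no "(name)".
unresolved_gids() {
    awk '{
        for (i = 1; i <= NF; i++) if ($i ~ /^groups=/) {
            s = $i; sub(/^groups=/, "", s)
            n = split(s, g, ",")
            for (j = 1; j <= n; j++) if (g[j] ~ /^[0-9]+$/) print g[j]
        }
    }'
}

# True if the given nsswitch.conf has an active (uncommented) initgroups: line.
has_initgroups_line() {
    grep -Eq '^[[:space:]]*initgroups:' "$1"
}

# Read `id` output on stdin, $1 = nsswitch.conf path; print a one-word verdict:
#   ok              every group resolved to a name
#   initgroups-line unresolved GIDs and an initgroups: line is present
#   other-cause     unresolved GIDs but no initgroups: line
diagnose() {
    missing=$(unresolved_gids)
    if [ -z "$missing" ]; then
        echo "ok"
    elif has_initgroups_line "$1"; then
        echo "initgroups-line"
    else
        echo "other-cause"
    fi
}

# With a user name as $1, check the live system; otherwise do nothing.
if [ -n "${1:-}" ]; then
    id "$1" | diagnose /etc/nsswitch.conf
fi
```

Run it with a user name as the only argument; `printf '%s\n' "$SAMPLE_ID" | unresolved_gids` shows the ten unnamed GIDs from the output quoted in the thread.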