[Freeipa-users] IPA different ID results on different nodes

Sumit Bose sbose at redhat.com
Tue Jun 4 07:56:03 UTC 2013


On Mon, Jun 03, 2013 at 09:22:21PM -0400, Aly Khimji wrote:
> Hey guys,
> 
> Just wanted to say thank you for all your support with everything and
> answering all my questions.
> 
> Just wanted to show you something, maybe you can shed some light..
> Below is myself running the ID command on 2 different nodes (1) the IDM
> server and the other the IDM client. I get two different results of my user
> ID, the client being correct and the server not having the correct groups
> displaying with the ID, and even having one that has been deleted.
> 
> Is there someplace this information is cached? or I can set an invalidator
> so that the information is pulled down or is forced to expire quicker so
> its checked from AD?
> 
> CLIENT:
> -sh-4.1$ hostname
> rhidmclient.nix.corpnonprd.xxxx.com
> -sh-4.1$ id
> uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> akhimji at corpnonprd.xxxx.com)
> groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain
> admins at corpnonprd.xxxx.com),
> 59400513(domain users at corpnonprd.xxxx.com),59401123(
> mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),
> 162200012(mirra-supapp-admin-nix-cde)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> 
> 
> SERVER:
> didmsvrua01.nix.corpnonprd.xxxx.com
> [root at didmsvrua01 ~]# id akhimji at corpnonprd
> uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> akhimji at corpnonprd.xxxx.com)
> groups=59401108(akhimji at corpnonprd.xxxx.com),59400513,59400513,59401113(
> seca at corpnonprd.xxxx.com)
> 
> just a note this group [59401113(seca at corpnonprd.xxxx.com)] was deleted on
> AD, and correctly doesn't show up on the client, but remains in the server.

Group-memberships are cached for some time by SSSD so I would guess you
see cached data on the server. But during authentication the
group-memberships of a user are updated. Can you check if
seca at corpnonprd.xxxx.com goes away if you log in with akhimji at corpnonprd
on the server?

bye,
Sumit
> 
> Please let me know if you need more info (eg logs, etc..)
> 
> Thx
> 
> Aly
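
Added example, not part of the original thread: a small Python check that parses the two `id` outputs quoted above and reports which group IDs differ between the client and the server, so stale cached memberships stand out. The sample strings are constructed from the quoted output (wrapped lines rejoined, the archive's " at " written back as "@"), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input: the `id` outputs quoted in the thread, rejoined.
CLIENT_ID = (
    "uid=59401108(akhimji@corpnonprd.xxxx.com) gid=59401108(akhimji@corpnonprd.xxxx.com) "
    "groups=59401108(akhimji@corpnonprd.xxxx.com),59400512(domain admins@corpnonprd.xxxx.com),"
    "59400513(domain users@corpnonprd.xxxx.com),"
    "59401123(mirra-supapp-admin-corp-uat@corpnonprd.xxxx.com),"
    "162200012(mirra-supapp-admin-nix-cde) "
    "context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
SERVER_ID = (
    "uid=59401108(akhimji@corpnonprd.xxxx.com) gid=59401108(akhimji@corpnonprd.xxxx.com) "
    "groups=59401108(akhimji@corpnonprd.xxxx.com),59400513,59400513,"
    "59401113(seca@corpnonprd.xxxx.com)")

# One entry is "gid(name)" or a bare "gid" when the name could not be resolved.
_ENTRY = re.compile(r"(\d+)(?:\(([^)]*)\))?")

def parse_groups(id_output):
    """Return [(gid, name or None), ...] from the groups= field of `id` output."""
    # Group names may contain spaces ("domain users@..."), so the field is cut
    # at the SELinux context= label or at end of input, not at whitespace.
    field = re.search(r"groups=(.*?)(?:\s+context=|\s*$)", id_output, re.S)
    if field is None:
        raise ValueError("no groups= field in id output")
    return [(int(m.group(1)), m.group(2)) for m in _ENTRY.finditer(field.group(1))]

def compare_nodes(reference, suspect):
    """Diff the suspect node's memberships against a reference node's."""
    ref_gids = {gid for gid, _ in parse_groups(reference)}
    sus = parse_groups(suspect)
    counts = Counter(gid for gid, _ in sus)
    return {
        # Present only on the suspect node: candidates for stale cache entries.
        "only_on_suspect": sorted(g for g in counts if g not in ref_gids),
        "missing_on_suspect": sorted(ref_gids - set(counts)),
        # Bare GIDs: the node holds the membership but cannot resolve a name.
        "unresolved_on_suspect": sorted({g for g, name in sus if name is None}),
        "duplicated_on_suspect": sorted(g for g, c in counts.items() if c > 1),
    }

if __name__ == "__main__":
    for key, gids in compare_nodes(CLIENT_ID, SERVER_ID).items():
        print(f"{key}: {gids}")
```
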
