[Freeipa-users] IPA different ID results on different nodes
Aly Khimji
aly.khimji at gmail.com
Tue Jun 4 13:40:21 UTC 2013
I re-logged in this morning into the server and i see the following on the
server
Any thoughts?
Thx again.
SERVER:
-sh-4.1$ id
uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
akhimji at corpnonprd.xxxx.com) groups=59401108(akhimji at corpnonprd.xxxx.com)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
CLIENT:
-sh-4.1$ id
uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
akhimji at corpnonprd.xxxx.com)
groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain
admins at corpnonprd.xxxx.com),59400513(domain users at corpnonprd.xxxx.com
),59401123(mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),162200012(mirra-supapp-admin-nix-cde)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-sh-4.1$
CLIENT LOG:
(Tue Jun 4 09:35:51 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
(Tue Jun 4 09:35:51 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[sdap_id_op_done] (0x0200): communication error on cached connection,
moving to next server
(Tue Jun 4 09:35:51 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 3,110,User lookup
failed
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_get_account_info] (0x0100): Got request for [3][1][name=akhimji]
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
failed
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler] (0x0100): Got request with the following data
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): service: sshd
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): tty: ssh
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): ruser:
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): rhost: 10.210.240.246
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok type: 1
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok size: 11
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok type: 0
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok size: 0
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): priv: 1
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): cli_pid: 10644
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[check_for_valid_tgt] (0x0020): krb5_cc_retrieve_cred failed.
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_resolve_server_process] (0x0200): Found address for server
didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[krb5_find_ccache_step] (0x0080): Saved ccache
FILE:/tmp/krb5cc_59401108_opsH3I if of different type than ccache in
configuration file, reusing the old ccache
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[fo_set_port_status] (0x0100): Marking port 389 of server '
didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[set_server_common_status] (0x0100): Marking server '
didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
[Success]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler_callback] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler_callback] (0x0100): Sent result [0][CorpNonPrd.xxxx.com]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[child_sig_handler] (0x0100): child [10648] finished successfully.
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_get_account_info] (0x0100): Got request for [3][1][name=akhimji]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[acctinfo_callback] (0x0100): *Request processed. Returned 3,95,User lookup
failed*
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler] (0x0100): Got request with the following data
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): command: PAM_ACCT_MGMT
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): service: sshd
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): tty: ssh
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): ruser:
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): rhost: 10.210.240.246
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): priv: 1
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): cli_pid: 10644
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_resolve_server_process] (0x0200): Found address for server
didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_resolve_server_process] (0x0200): Found address for server
didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[sdap_cli_auth_step] (0x0100): expire timeout is 900
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: host/
rhidmclient.nix.corpnonprd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[child_sig_handler] (0x0100): child [10649] finished successfully.
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[fo_set_port_status] (0x0100): Marking port 389 of server '
didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[set_server_common_status] (0x0100): Marking server '
didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[hbac_get_category] (0x0200): Category is set to 'all'.
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[hbac_get_category] (0x0200): Category is set to 'all'.
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[hbac_get_category] (0x0200): Category is set to 'all'.
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [allow_all]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
[Success]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[sss_selinux_extract_user] (0x0040): sysdb_search_user_by_name failed.
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[ipa_selinux_handler] (0x0040): Cannot create op context
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>)
[Internal Error (System error)]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler_callback] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler_callback] (0x0100): Sent result [0][CorpNonPrd.xxxx.com]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_get_account_info] (0x0100): Got request for [4099][1][name=akhimji]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[acctinfo_callback] (0x0100): *Request processed. Returned 3,95,User lookup
failed*
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_get_account_info] (0x0100): Got request for [3][1][name=akhimji]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
failed
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler] (0x0100): Got request with the following data
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): command: PAM_SETCRED
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): service: sshd
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): tty: ssh
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): ruser:
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): rhost: 10.210.240.246
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): priv: 1
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): cli_pid: 10644
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_get_account_info] (0x0100): Got request for [3][1][name=akhimji]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
failed
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler] (0x0100): Got request with the following data
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): command: PAM_OPEN_SESSION
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): service: sshd
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): tty: ssh
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): ruser:
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): rhost: 10.210.240.246
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): priv: 1
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): cli_pid: 10644
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_get_account_info] (0x0100): Got request for [4099][1][name=akhimji]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
failed
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_get_account_info] (0x0100): Got request for [3][1][name=akhimji]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
failed
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler] (0x0100): Got request with the following data
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): command: PAM_SETCRED
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): service: sshd
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): tty: ssh
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): ruser:
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): rhost: 10.210.240.246
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): authtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): newauthtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): priv: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[pam_print_data] (0x0100): cli_pid: 10650
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
(Tue Jun 4 09:36:23 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[be_get_account_info] (0x0100): Got request for
[4098][1][idnumber=162200012]
(Tue Jun 4 09:36:23 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[sdap_nested_get_user_send] (0x0080):* Couldn't parse out user information
based on DN (null), falling back to an LDAP lookup*
(Tue Jun 4 09:36:23 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[sdap_save_grpmem] (0x0040): F*ailed to save user mirra-supapp-admin-nix-cde
*
(Tue Jun 4 09:36:23 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[sdap_save_groups] (0x0040): *Failed to store group 0 members*.
(Tue Jun 4 09:36:23 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
Aly
On Tue, Jun 4, 2013 at 3:56 AM, Sumit Bose <sbose at redhat.com> wrote:
> On Mon, Jun 03, 2013 at 09:22:21PM -0400, Aly Khimji wrote:
> > Hey guys,
> >
> > Just wanted to say thank you for all your support with everything and
> > answering all my questions.
> >
> > Just wanted to show you something, maybe you can shed some light..
> > Below is my self running the ID command on 2 different nodes (1) the IDM
> > server and the other the IDM client. I get two different results of my
> user
> > ID, the client being correct and the server not having the correct groups
> > displaying with the ID, and even having one that has been deleted.
> >
> > Is there someplace this information in cached? or I can set an
> invalidator
> > so that the information is pulled down or is forced to expire quicker so
> > its checked from AD?
> >
> > CLIENT:
> > -sh-4.1$ hostname
> > rhidmclient.nix.corpnonprd.xxxx.com
> > -sh-4.1$ id
> > uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> > akhimji at corpnonprd.xxxx.com)
> > groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain
> > admins at corpnonprd.xxxx.com),
> > 59400513(domain users at corpnonprd.xxxx.com),59401123(
> > mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),
> > 162200012(mirra-supapp-admin-nix-cde)
> > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >
> >
> > SERVER:
> > didmsvrua01.nix.corpnonprd.xxxx.com
> > [root at didmsvrua01 ~]# id akhimji at corpnonprd
> > uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> > akhimji at corpnonprd.xxxx.com)
> > groups=59401108(akhimji at corpnonprd.xxxx.com),59400513,59400513,59401113(
> > seca at corpnonprd.xxxx.com)
> >
> > just a note this group [59401113(seca at corpnonprd.xxxx.com)] was deleted
> on
> > AD, and correctly doesn't show up on the client, but remains in the
> server.
>
> Group-memberships are cached for some time by SSSD so I would guess you
> see cached data on the server. But during authentication the
> group-memberships of a user are updated. Can you check if
> seca at corpnonprd.xxxx.com does away if you log in with akhimji at corpnonprd
> on the server?
>
> bye,
> Sumit
> >
> > Please let me know if you need more info (eg logs, etc..)
> >
> > Thx
> >
> > Aly
>
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130604/e0829c97/attachment.htm>
More information about the Freeipa-users
mailing list