[Freeipa-users] id: cannot find name for group ID

Fri Jul 25 14:54:20 UTC 2014

On 07/24/2014 11:33 PM, Jatin Nansi wrote:
> What does
>
> getent group ose-developers
> getent group 889000002
>
> on the ipa client show? the client sssd nss and domain logs will log 
> any relevant errors.
>
> Jatin

Hi Jatin,

Beats me but - apparently it's working fine now:

   $  ssh -Y -l ose-dev1 rhc1.interop.example.com
    Last login: Thu Jul 24 19:51:19 2014 from xrhc1.interop.example.com
    Kickstarted on 2013-12-11

    [ose-dev1 at rhc1 ~]$ getent group ose-developers
    ose-developers:*:889000002:

    [ose-dev1 at rhc1 ~]$ getent group 889000002
    ose-developers:*:889000002:

    [ose-dev1 at rhc1 ~]$ id
    uid=889000002(ose-dev1) gid=889000002*(ose-developers)* 
groups=889000002(ose-developers) 
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

I rebooted both IdM servers, client about an hour before - maybe the 
client had old cache entries?

Thanks and sorry for the false alarm.

-m

>
> On 25/07/14 13:22, Mark Heslin wrote:
>> Happy Friday,
>>
>> I'm getting this message on login to an IPA client and not sure why:
>>
>>   $ ssh -Y -l *ose-dev1* rhc1.interop.example.com
>> ose-dev1 at rhc1.interop.example.com's password:
>>   Last login: Thu Jul 24 19:46:46 2014 from rhc1.interop.example.com
>>   Kickstarted on 2013-12-11
>> *id: cannot find name for group ID 889000002*   <--- ???
>>
>> The group and account were created about 2 months ago on an IdM (RHEL 
>> 7) server as follows:
>>
>> #*ipa group-add ose-developers --desc="OpenShift Developers" 
>> --gid=889000002 *
>>   ----------------------------
>>   Added group "ose-developers"
>>   ----------------------------
>>     Group name: ose-developers
>>     Description: OpenShift Developers
>> *GID: 889000002*
>>
>>   #*ipa user-add ose-dev1 --first="OSE" --last="Dev 1" 
>> --displayname="OpenShift Developer 1" --homedir="/home/ose-dev1"  
>> --shell="/bin/bash" **
>> ****--uid=889000002 --gidnumber=889000002 --password *
>>    Password: *******
>>    Enter Password again to verify:
>>    ---------------------
>>    Added user "ose-dev1"
>>    ---------------------
>>      User login: ose-dev1
>>      First name: OSE
>>      Last name: Dev 1
>>      Full name: OSE Dev 1
>>      Display name: OpenShift Developer 1
>>      Initials: OD
>>      Home directory: /home/ose-dev1
>>      GECOS: OSE Dev 1
>>      Login shell: /bin/bash
>>      Kerberos principal: ose-dev1 at INTEROP.EXAMPLE.COM
>>      Email address: ose-dev1 at interop.example.com
>>      UID: 889000002
>> *GID: 889000002 *
>>      Password: True
>>      Member of groups: ipausers
>>      Kerberos keys available: True
>>
>> On the IdM server, when I run 'group-show', 'group-find' I get:
>>
>> # ipa group-show ose-developers
>>   Group name:*ose-developers *
>>   Description: OpenShift Developers
>> *GID: 889000002 *
>>
>> # ipa group-find ose-developers
>>    ---------------
>>   1 group matched
>>   ---------------
>>     Group name:*ose-developers*
>>     Description: OpenShift Developers
>> *GID: 889000002*
>>   ----------------------------
>>   Number of entries returned 1
>>   ----------------------------
>>
>> and 'user-show' returns:
>>
>> # ipa user-show ose-dev1
>>   User login: ose-dev1
>>   First name: OSE
>>   Last name: Dev 1
>>   Home directory: /home/ose-dev1
>>   Login shell: /bin/bash
>>   Email address: ose-dev1 at interop.example.com
>>   UID: 889000002
>> *GID: 889000002*
>>   Account disabled: False
>>   Password: True
>>   Member of groups: ipausers
>>   Kerberos keys available: True
>>
>> so clearly the groups, user entries are correct in IdM. On first 
>> login, the homedir
>> is created but the group name is not resolved:
>>
>>   $ pwd
>>   /home/ose-dev1
>>   [ose-dev1 at xrhc1 ~]$ ls -lad .
>>   drwxr-xr-x. 3 ose-dev1 *889000002* 4096 Jul 24 19:51 .
>>   $ id
>>   uid=889000002(ose-dev1) *gid=889000002* groups=889000002 
>> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>>
>> Is there some other client side lookup issue that is causing this? 
>> Why doesn't *gid=889000002* map to (*ose-developers*)?
>>
>> Thanks!
>>
>> -m
>>
>>
>> -- 
>>
>> Red Hat Reference Architectures
>>
>> Follow Us:https://twitter.com/RedHatRefArch
>> Plus Us:https://plus.google.com/u/0/b/114152126783830728030/
>> Like Us:https://www.facebook.com/rhrefarch
>>
>>
>
>
>

-- 

Red Hat Reference Architectures

Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140725/0d4eccc7/attachment.htm>