[Freeipa-users] Users not inheriting groups

William Graboyes wgraboyes at cenic.org
Thu Jul 31 22:42:43 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi List,

I am running into some odd issues with IPA and users not inheriting
all groups they are a member of.

I spent a lot of time nesting groups so that when we add a user all of
the groups they need with one group setting (a boon for automation).
However I am finding a small percentage of users who are in the proper
groups in IPA but the server does not pick up all the groups involved,
until I add those specific users to the group in question.

For clarity:

1) Most users inherit groups fine
2) A small percentage (2-3% discovered so far) Do not inherit one or
more of the needed groups.
3) Work around found by adding users directly to group instead of
nested in proper group (though less than ideal)

Versions
Client:
Linux 2.6.32-431.11.2.el6.x86_64 #1 SMP x86_64 GNU/Linux
ipa-client-3.0.0-37.el6.x86_64
libsss_sudo-1.9.2-129.el6_5.4.x86_64
libsss_idmap-1.9.2-129.el6_5.4.x86_64
libsss_autofs-1.9.2-129.el6_5.4.x86_64
sssd-client-1.9.2-129.el6_5.4.x86_64
sssd-1.9.2-129.el6_5.4.x86_64

Servers (both identical):
Linux 2.6.32-431.17.1.el6.x86_64 #1 SMP x86_64 GNU/Linux
ipa-server-3.0.0-37.el6.x86_64
sssd-client-1.9.2-129.el6_5.4.x86_64
libsss_autofs-1.9.2-129.el6_5.4.x86_64
libsss_idmap-1.9.2-129.el6_5.4.x86_64
sssd-1.9.2-129.el6_5.4.x86_64

Thanks,
Bill G.
CENIC
www.cenic.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJT2sZjAAoJEJFMz73A1+zr4NIP+QEjmG5EgwLAHhEUPIp9znxp
EgJR2xRFl9I+WRh2L1+y5MDGiJwTPCSwak6IRRchbfXNkPNt8xND27LjG5mWynxT
kG1nwxF2aczXlUkaA2GDO5524Dj7MwULUoum8xN5Br0VzL9fAblH4Gzh+ZeSZr2W
g7r2LelucygELaxQxP8Q/aBoDGnZMlQSahB36MaOwy4wQ+2E/Bp7scShFerBdqaK
kRcXRNlGAMtGkOpLT7sf7WYMcVWcY6EX8ZoTB36qucia5C+oGY0psAkaYgJw0tC9
Aht0rj+ZJZqVKoTa1iybfTnfxwrokxFPM1VMOYrXZrWrq1M97KKoPK/mqKoC9spA
leNcSJ8yjtTXEFS4RPI4kA9VrujF+4qvKIwZ4EM4Fli2zaFhwmeywtrP/SAMmAGO
fbqkEYn4MWrqpRXFSFGpqiycCnXGINMVJkWCWPN89lWX7124cDZJi5PpzAhukWk3
a6Diycia60oY8iAcDqDejO2mXFLO+5iJ+Xaxlr0noKXvMhV1qIEpVNR3wuqcF43W
aByAuhvmEhKfJFM4IaZcYI3E8ozblLmY2RH+q5r4vRHWd+10eN+TKhN/kDOEY9gp
ELOZ0kxgKkYICJc4gL0VW2fQiVDwQ+2O8LgmLeGOpcic8Yp3yUoEzX+5Z1frVFU5
iGIDDYYNNXU6OmbOOuv+
=MI8L
-----END PGP SIGNATURE-----

More information about the Freeipa-users mailing list