[Freeipa-users] Group membership not populated
Darren Poulson
darren.poulson at genesys.com
Fri Nov 14 15:07:29 UTC 2014
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Jakub Hrozek [jhrozek at redhat.com]
> Sent: 14 November 2014 14:56
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Group membership not populated
>
> On Fri, Nov 14, 2014 at 12:10:59PM +0000, Darren Poulson wrote:
> > Hi,
> >
> > I'm currently having an issue where if I log in as a user on a freshly rebooted machine, their group membership > is not populated, so things like sudo do not work properly. If I do a getent group <group>, log out and log back in > again, then it works properly.
> >
> > for example
> >
> > -sh-4.1$ groups dpoulson
> > dpoulson : dpoulson ops_admins helpdesk
> > -sh-4.1$ getent group ops_users
> > ops_users:*:50130:dpoulson,anotheruser,andanother,etc
>
> Is ops_users an IPA group that dpoulsen is a member of (or maybe some AD
> trust group or a local UNIX group)?
>
An IPA group, no AD or other funkiness in this set up yet.
> > -sh-4.1$ groups dpoulson
> > dpoulson : dpoulson ops_admins helpdesk ops_users
> > -sh-4.1$ groups
> > dpoulson ops_admins helpdesk
> >
> > <logout/login>
> >
> > -sh-4.1$ groups
> > dpoulson helpdesk ops_admins ops_users
>
> Taking the missing ops_users group out of the picture, this is expected,
> memberships are set on login only.
>
Agreed.
> >
> > (the user is actually meant to be a member of 6 groups)
>
> Can you paste ipa user-show dpoulson?
[root at freeipa1-01 ~]# ipa user-show dpoulson
User login: dpoulson
First name: Darren
Last name: Poulson
Home directory: /home/dpoulson
Login shell: /bin/sh
Email address: dpoulson at genesys.com
UID: 50004
GID: 50004
Telephone Number: 123-555-1234
Account disabled: False
Password: True
Member of groups: admins, ipausers, helpdesk, sbmonitor_users, ops_users, ops_admins
Indirect Member of role: helpdesk
Indirect Member of Sudo rule: sudo_admins
Indirect Member of HBAC rule: allow_all
Kerberos keys available: True
SSH public key fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX darren.poulson at genesys.com (ssh-rsa)
Cheers,
Darren.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list