[Freeipa-users] FreeIPA 3.0, OSX 10.7 and 10.8, and secondary groups
sallen at theembassyvfx.com
Thu Oct 9 21:27:53 UTC 2014
I have managed to get most of the functionality working with OSX and
FreeIPA. What I cannot seem to get is the secondary groups working.
Posix security is working for primary groups but the security for people
with a secondary group doesn't work.
I can see in the Directory Utility on OSX that each user has it's own group
created and the secondary groups are in there. As well, I have a mapping
that connected groupMember to memberUid which I have read is the correct
way to do this.
Here is what I get when I go 'dscl -read` on OSX 10.8 asking about the
dscl -read /LDAPv3/192.168.x.x/Groups/production
producers and budget access for documents
dsAttrTypeNative:objectClass: top groupofnames nestedgroup ipausergroup
However, when I type `groups` on the Mac, production isn't there and if I
`id` one of the members of the group, they do not show the secondary group.
So I guess I am wondering how do I get OSX access control to use the ALL
the info that it already sees from FreeIPA?
Head of IT
The Embassy Visual Effects Inc.
4th Floor - 177 W 7th Avenue
604.696.6862 ext 239
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeipa-users