[Freeipa-users] Inconsistent group memberships in sssd
Michael Lasevich
mlasevich at gmail.com
Fri Oct 24 00:15:15 UTC 2014
FreeIPA 4.0.3 server with SSSD 1.9.2 on CentOS6
Seems that group membership is completely inconsistent
Running "id" in shell as my user on:
* ipa server - I am a member of 2 groups
* Server that just came up and joined - 1 group
* Server that has been up for some time - 5 groups
Via UI: Member of 7 groups directly and 1 indirect
Gets weirder - I added a line to sudoers file (not ipa sudo support, can't
get that to work) allowing certain group I am a member of. If I run sudo as
the user - i get rejected as not being in sudoers, however if I run check
as root:
sudo -l -U username
I see that I should be allowed.
More wierdness, If I do "getent group <groupname>" - it shows me as a
member - but
I do not recall having this much trouble with same sssd and 3.0 server :-(
Any thoughts?
-M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141023/87e4b60e/attachment.htm>
More information about the Freeipa-users
mailing list