[Freeipa-users] Inconsistent group memberships in sssd

Michael Lasevich mlasevich at gmail.com
Fri Oct 24 00:15:15 UTC 2014

FreeIPA 4.0.3 server with SSSD 1.9.2 on CentOS6

Seems that group membership is completely inconsistent

Running "id" in shell as my user on:
  * ipa server - I am a member of 2 groups
  * Server that just came up and joined - 1 group
  * Server that has been up for some time  - 5 groups

Via UI: Member of 7 groups directly and 1 indirect

Gets weirder - I added a line to sudoers file (not ipa sudo support, can't
get that to work) allowing certain group I am a member of. If I run sudo as
the user - i get rejected as not being in sudoers, however if I run check
as root:

sudo -l -U username

I see that I should be allowed.

More wierdness, If I do "getent group <groupname>" - it shows me as a
member - but
I do not recall having this much trouble with same sssd and 3.0 server :-(

Any thoughts?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141023/87e4b60e/attachment.htm>

More information about the Freeipa-users mailing list