[Freeipa-users] Inconsistent group memberships in sssd
mlasevich at gmail.com
Fri Oct 24 00:19:38 UTC 2014
Small update, it appears that once I run "getent group <groupname>" - my
user shows up in the group <groupname>. Odd.
(and yes, I have ran "sss_cache -UG" many a time)
On Thu, Oct 23, 2014 at 5:15 PM, Michael Lasevich <mlasevich at gmail.com>
> FreeIPA 4.0.3 server with SSSD 1.9.2 on CentOS6
> Seems that group membership is completely inconsistent
> Running "id" in shell as my user on:
> * ipa server - I am a member of 2 groups
> * Server that just came up and joined - 1 group
> * Server that has been up for some time - 5 groups
> Via UI: Member of 7 groups directly and 1 indirect
> Gets weirder - I added a line to sudoers file (not ipa sudo support, can't
> get that to work) allowing certain group I am a member of. If I run sudo as
> the user - i get rejected as not being in sudoers, however if I run check
> as root:
> sudo -l -U username
> I see that I should be allowed.
> More wierdness, If I do "getent group <groupname>" - it shows me as a
> member - but
> I do not recall having this much trouble with same sssd and 3.0 server :-(
> Any thoughts?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeipa-users