[Freeipa-users] Inconsistent group memberships in sssd
Michael Lasevich
mlasevich at gmail.com
Fri Oct 24 00:19:38 UTC 2014
Small update, it appears that once I run "getent group <groupname>" - my
user shows up in the group <groupname>. Odd.
(and yes, I have ran "sss_cache -UG" many a time)
-M
On Thu, Oct 23, 2014 at 5:15 PM, Michael Lasevich <mlasevich at gmail.com>
wrote:
> FreeIPA 4.0.3 server with SSSD 1.9.2 on CentOS6
>
> Seems that group membership is completely inconsistent
>
> Running "id" in shell as my user on:
> * ipa server - I am a member of 2 groups
> * Server that just came up and joined - 1 group
> * Server that has been up for some time - 5 groups
>
> Via UI: Member of 7 groups directly and 1 indirect
>
> Gets weirder - I added a line to sudoers file (not ipa sudo support, can't
> get that to work) allowing certain group I am a member of. If I run sudo as
> the user - i get rejected as not being in sudoers, however if I run check
> as root:
>
> sudo -l -U username
>
> I see that I should be allowed.
>
> More wierdness, If I do "getent group <groupname>" - it shows me as a
> member - but
> I do not recall having this much trouble with same sssd and 3.0 server :-(
>
> Any thoughts?
>
> -M
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141023/e66fbd21/attachment.htm>
More information about the Freeipa-users
mailing list