[Freeipa-users] Usernames not being seen on IPA Master

Jakub Hrozek jhrozek at redhat.com
Thu Apr 16 13:24:39 UTC 2015


On Thu, Apr 16, 2015 at 01:13:56PM +0000, Joseph, Matthew (EXP) wrote:
> Hello,
> 
> I'm running into an issue where a new user account created on the master server is not being seen for changing file permissions and such.

Is the new user visible on the master itself via the standard system
interfaces (getent passwd $newuser, id $user)?

> I can login using the newly created user account but when I try to change permissions on a file/directory it comes up with the following error;
> Chown: changing ownership of 'username' : Invalid argument

Can you strace the chown invocation so that we're sure what part really
fails?

> 
> Now if I go to my replica IPA server it works fine.
> 
> I deleted the user and created it again with the same username, gave the account a different UID and when I tried to permission the directory again it states the same error as above.

Please note that file ownership is defined by IDs, not usernames, so if
you recreate a user with a different ID, you need to chown all his
previously used files.

> I changed the permissions on the replica server and went back to the master and looked at the permissions of the directory and it's showing the old UID. I can login as the new user and the permissions are fine, the user can create and modify files in that directory.
> 
> When I run ipa user-find -all -raw username it brings up all of the correct information that I entered for the account.
> I searched for the old UID that was used with this account before but it doesn't seem to exist in IPA.
> 
> I've tried restarting the IPA service and remounting the directory that contains the required folders but with no luck.
> I cleared the SSSD and the NSCD cache.

Using nscd along with SSSD is discouraged. We recommend disabling nscd,
at least for the maps that SSSD caches.

SSSD provides its own fast in-memory cache, so you won't lose
performance.
> 
> Does IPA have another cache that needs to be cleared or anything like that?
> 
> 
> Thanks,
> 
> Matt

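An added example, not part of the original thread: since ownership is stored on disk as a numeric ID, this sketch compares the owner of each path under a directory with the UID that NSS currently returns for a user, and flags paths whose UID no longer resolves to any account. The function names and the injectable `uid_of`/`name_of` lookups are this example's own.

```python
import os
import pwd
import sys

def nss_uid(name):
    """UID that NSS (files, SSSD, ...) currently returns for name, or None."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None

def nss_name(uid):
    """Account name that NSS maps uid to, or None if nothing owns that UID."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None

def audit_tree(root, username, uid_of=nss_uid, name_of=nss_name):
    """Compare the numeric owner of every path under root with username's UID.

    uid_of/name_of are injectable so the logic can be exercised without a
    live directory service; by default they query NSS like getent/id do.
    """
    want = uid_of(username)
    report = {"current_uid": want, "ok": [], "orphaned": [], "other": []}
    paths = [root]
    for parent, dirs, files in os.walk(root):
        paths += [os.path.join(parent, n) for n in dirs + files]
    for path in paths:
        uid = os.lstat(path).st_uid      # ownership on disk is a number
        if want is not None and uid == want:
            report["ok"].append(path)
        elif name_of(uid) is None:       # e.g. UID of a deleted account
            report["orphaned"].append((path, uid))
        else:
            report["other"].append((path, uid))
    return report

if __name__ == "__main__" and len(sys.argv) == 3:
    result = audit_tree(sys.argv[1], sys.argv[2])
    print("NSS UID for %s: %s" % (sys.argv[2], result["current_uid"]))
    for path, uid in result["orphaned"]:
        print("needs chown (unresolvable UID %d): %s" % (uid, path))
    for path, uid in result["other"]:
        print("owned by %s (UID %d): %s" % (nss_name(uid), uid, path))
```

Running it with the same directory and username on the master and on the replica shows whether the two hosts disagree about the user's UID or only about the files' recorded owner.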
