[Freeipa-users] FreeIPA user ID differs

Wed Aug 5 13:02:00 UTC 2015

Hey,

I´ve wiped sss_cache before I tried again and restarted the service. Nevertheless the problem still persists. Beyond the problem is only located on one FreeIPA host. Other hosts have received the updates or see the correct values. 

-----Ursprüngliche Nachricht-----
Von: Rob Crittenden [mailto:rcritten at redhat.com] 
Gesendet: Mittwoch, 5. August 2015 14:57
An: Moj, Markus; christopher.lamb at ch.ibm.com; loris at lgs.com.ve
Cc: freeipa-users at redhat.com
Betreff: Re: [Freeipa-users] FreeIPA user ID differs

Markus.Moj at mc.ingenico.com wrote:
> Hi Christopher, Hi Loris,
>
> The plugin is enabled
>
> ipa-compat-manage status
> Plugin Enabled
>
> When I request the id of a posix user on the freeipa server then I receive the output I expact with correct uid, gid and groups. But on a connected host, with freeipa client tools, I receive the old values. Are these values stored somewhere ?

sssd has its own cache. See the sssd man pages for all the knobs and sss_cache for wiping it.

rob

>
> -----Ursprüngliche Nachricht-----
> Von: Christopher Lamb [mailto:christopher.lamb at ch.ibm.com]
> Gesendet: Mittwoch, 5. August 2015 14:38
> An: Moj, Markus; Loris Santamaria
> Cc: freeipa-users at redhat.com
> Betreff: Re: [Freeipa-users] FreeIPA user ID differs
>
> Check also that the compat tree plugin is enabled, and enable it if not:
>
> ipa-compat-manage status
>
> ipa-compat-manage enable
>
> ipactl restart
>
> Cheers,
>
> Chris
>
>
> From:	Loris Santamaria <loris at lgs.com.ve>
> To:	freeipa-users at redhat.com
> Date:	05.08.2015 14:26
> Subject:	Re: [Freeipa-users] FreeIPA user ID differs
> Sent by:	freeipa-users-bounces at redhat.com
>
>
>
> Hi, the compat tree is generated dynamically based on the cn=accounts tree and from information retrieved by server-mode SSSD.
>
> If the compat tree gets out of sync, a restart of the ipa server and SSSD should fix it.
>
> Best regards
>
> El mié, 05-08-2015 a las 12:14 +0000, Markus.Moj at mc.ingenico.com
> escribió:
>> Hi Christopher,
>>
>> how to update the compat tree accordingly? Our developers edited the 
>> values in FreeIPA but don´t see the nis id´s and therefore can´t edit 
>> them.
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Christopher Lamb [mailto:christopher.lamb at ch.ibm.com]
>> Gesendet: Dienstag, 4. August 2015 11:27
>> An: Moj, Markus
>> Cc: freeipa-users at redhat.com
>> Betreff: Re: [Freeipa-users] FreeIPA user ID differs
>>
>> Markus
>>
>> Have you checked both the cn=accounts and cn=compat trees?.  Users 
>> and groups are stored in both, and both would need manipulation...
>>
>> Ciao
>>
>> Chris
>>
>>
>>
>> From:		 <Markus.Moj at mc.ingenico.com>
>> To:		 <freeipa-users at redhat.com>
>> Date:		 04.08.2015 11:14
>> Subject:		 [Freeipa-users] FreeIPA user ID differs
>> Sent by:		 freeipa-users-bounces at redhat.com
>>
>>
>>
>> Hi @all,
>>
>> I´ve encountered a strange „error“. I´ve created a user with a 
>> generated UID from the predefined range. After creation I´ve had to 
>> manipulate the UID to fit an old NIS configuration and set the UID to 
>> the old NIS value.
>> FreeIPA shows the correct UID as well as ldapsearch. But if I logon 
>> onto a host and enter `id <username>` I receive the old UID, GID and 
>> groups information instead of the corrected one.
>>
>> Maybe someone can help me out to pinpoint the error and to fix it.
>>
>> Cheers,
>> Markus--
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
> --
> Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
> Links Global Services, C.A.            http://www.lgs.com.ve
> Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
> ------------------------------------------------------------
> "If I'd asked my customers what they wanted, they'd have said a faster horse" - Henry Ford [attachment "smime.p7s" deleted by Christopher Lamb/Switzerland/IBM] -- Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>