[Freeipa-users] freeipa and User Private Groups

Les Stott Less at imagine-sw.com
Tue Jul 14 09:01:54 UTC 2015


Jakub,

Thanks for the follow up.

We try and stick to standard rhel/epel repos (due to policy) so I am not able to install a non-standard version of sssd.

I have decided to disable the User Private Group plugin and convert ipausers to a POSIX group. There was nothing I could see that required us to use UPGs. This setup is working for me now.

Thanks,

Les

> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Jakub Hrozek
> Sent: Tuesday, 14 July 2015 6:42 PM
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] freeipa and User Private Groups
> 
> On Mon, Jul 13, 2015 at 09:11:09AM +0000, Les Stott wrote:
> > Hi All,
> >
> > Running ipa-3.0.0-42.el6 and sssd-1.11.6-30.el6_6.3.x86_64
> >
> > So, by default, when you create a user in freeipa, that user will be set to have a primary group that is hidden and not a POSIX group.
> >
> > This means that when the user logs in to a host, they will see something like...
> >
> > id: cannot find name for group ID <group_number>
> 
> It is not expected to not be able to return the name of the user group and I
> don't see that in my setup. I was suspecting rhbz#1165074 but your sssd
> should already have that bug fixed.
> 
> Can you see if the packages from
>     https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12/
> also show that behaviour?
> 
> If yes, can you get us sssd logs as described here:
>     https://fedorahosted.org/sssd/wiki/Troubleshooting
> 
> >
> > running the id command shows no name returned for this group.
> >
> > I understand you can disable private groups globally, however it is discouraged. I also realise you can simply create POSIX groups when creating users.
> >
> > In the spirit of trying to stick with the defaults....
> >
> > Is there a way to avoid the login error where id can't retrieve the group name from a UPG?
> >
> > Thanks,
> >
> > Les
> >
> 
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
> 



