[Freeipa-users] Clients are reading AD info inconsistently

[Dmitri Pal]

On 03/24/2015 05:08 PM, Guertin, David S. wrote:
>
> I have three IPA servers set up (master and two replicas) and they're 
> all behaving normally. AD users can log in, AD group restrictions are 
> honored, etc. Now I'm trying to set up clients, and running into 
> problems. I have three clients set up, and all three behave differently.
>
> On one of the clients, users can log in like they can on the servers. 
> On the other two, users can't log in, but these two behave differently 
> from each other.
>
> Client 1 and servers (this is correct):
>
> # id 'MIDD\juser'
>
> uid=435021613(juser at middlebury.edu) 
> gid=435021613(juser at middlebury.edu) 
> groups=435021613(juser at middlebury.edu),435330225(computer science lab 
> login at middlebury.edu),435231589(fmp_ms_eventschedule_users at middlebury.edu),435208664(miis 
> labfiles everyone at middlebury.edu),435032463(mcms no 
> rights at middlebury.edu),435000513(domain 
> users at middlebury.edu),435286826(netoperators at middlebury.edu),435461517(ipausers at middlebury.edu 
> <mailto:users at middlebury.edu>)
>
> Client 2 (AD groups are not listed):
>
> # id 'MIDD\juser'
>
> uid=435021613(juser at middlebury.edu) 
> gid=435021613(juser at middlebury.edu) 
> groups=435021613(juser at middlebury.edu <mailto:juser at middlebury.edu>)
>
> Client 3 (user not found):
>
> # id 'MIDD\juser'
>
> id: MIDD\juser: No such user
>
> On each client I have cleared the sssd cache (rm --f 
> /var/lib/sss/db/*) and restarted sssd, with no effect. I have also 
> uninstalled and re-installed the client, also with no effect.
>
> What else can I try?
>
> David Guertin
>
>
>
What are the platforms and package versions of SSSD on these clients?


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150324/ea7d66bb/attachment.htm>