[Freeipa-users] New user group not shown on IPA client
Jakub Hrozek
jhrozek at redhat.com
Fri Feb 24 15:44:23 UTC 2017
On Fri, Feb 24, 2017 at 12:36:03PM +0100, Gerald Zabos wrote:
> Hello *,
>
> i just created a new user group 'it_testusers' (90600008) on one of
> the IPA servers and added three existing users:
>
> 'test' (90600005)
> 'ipajoin' (90600001)
> 'ldaptest' (90600003).
>
> When look up the group membership of these users on one of our IPA
> clients with 'id <username>' it shows uid, gid and groups=<gid>, but
> the new group 'it_testusers' is still missing.
>
> Looking up group membership with 'id <username>' on all of our IPA
> servers works, i can see the new group in the list of user's groups.
>
> Server OS: Redhat 7.3
> ipa-server: ipa-server-4.4.0-14.el7_3.4
>
> Client OS: CentOS 7.3
> ipa-client: ipa-client-4.4.0-14.el7.centos.4
>
> I've read https://www.redhat.com/archives/freeipa-users/2015-May/msg00463.html
> as it seems to be a similar problem.
>
> I stopped sssd, removed the files in /var/lib/sss/db and started sssd
> on the client -> still can't see the new group
>
> I rebooted the client -> still can't see the new group
I'm afraid you need to look into sssd logs on the client:
https://fedorahosted.org/sssd/wiki/Troubleshooting
More information about the Freeipa-users
mailing list