I should note the problem exists on latest CentOS7 with fully up to date rpms on both client/server.
Alfred

On Tue, Jun 16, 2020 at 3:02 PM Alfred Victor <alvic...@gmail.com> wrote:

> Hi all,
>
> We have built a FreeIPA system and used ipa migrate-ds to migrate and are
> testing the environment; however, we have a stubbornly persistent issue with
> gid array from posix commands or when dealing with filesystem ownerships.
> When I create a user in IPA, then add some groups, the issue is immediately
> present. In this case these first two below are missing a group ("testers"):
>
> [alvic@HOD28 ~]$ id ipatest
> uid=464200021(ipatest) gid=464200021(ipatest) groups=464200021(ipatest),464200000(admins)
>
> And another:
>
> [alvic@NODE-1-1 ~]$ id ipatest
> uid=464200021(ipatest) gid=464200021(ipatest) groups=464200021(ipatest),464200000(admins)
>
> More commonly, this is the case where only primary gid is returned, and
> both groups are missing:
>
> [alvic@NODE-1-2 ~]$ id ipatest
> uid=464200021(ipatest) gid=464200021(ipatest) groups=464200021(ipatest)
>
> The client systems were each provisioned like so, and we have also tested
> and found this issue on a totally up to date new CentOS 7 system:
>
> ipa-client-install -U -q -p [redacted] --domain=redacted.com --server=ipa.redacted.com --fixed-primary --force-join
>
> We have also attempted a full update of the IPA server via yum update and
> restarted it but the issue is incredibly common. We have also enabled sssd
> debuglevel 7 and I noted the following line:
>
> (Tue Jun 16 10:01:09 2020) [sssd[be[redacted.com]]] [sdap_save_user] (0x0400): Original memberOf is not available for [ipat...@redacted.com].
>
> Worth noting that groups display fine for a user, without fail, only if
> using "ipa user-show"
>
> Alfred