On Fri, 2012-01-27 at 17:57 +0100, Jakub Hrozek wrote: > On Fri, Jan 27, 2012 at 11:47:01AM -0500, Dan Scott wrote: > > Hi, > > > > On Fri, Jan 27, 2012 at 10:48, Stephen Gallagher <sgall...@redhat.com> > > wrote: > > > On Fri, 2012-01-27 at 10:36 -0500, Dan Scott wrote: > > >> Hi, > > >> > > >> I have a Fedora 16 client running sssd-client-1.6.4-1.fc16.x86_64. > > >> > > >> When I run, e.g. id djscott, I do not get the names of the groups: > > >> > > >> -bash-4.2$ id djscott > > >> uid=768(djscott) gid=1002(legacy-group) > > >> groups=1002(legacy-group),1134,1130,1118,1103,1108,1113,789600001(ipausers),1102,1109,1129,1111 > > >> > > >> Is this because they have low GIDs? (These were migrated over from my > > >> old FreeIPA 1 installation and I'd rather not re-number them all). > > >> > > >> Can someone help me to figure out how to retrieve the group names? > > >> This is working fine on the Fedora 15 clients (sssd-1.5.x). > > > > > > > > > This looks to me like you didn't migrate all of the groups. GIF 1002 and > > > 789600001 are both reporting the names correctly, so clearly the client > > > is able to access the FreeIPA server and retrieve groups. > > > > It's working fine with Fedora 15 clients, so I think that the groups > > were migrated OK. > > > > > Please try the following and report the results: > > > > > > getent group 1134 > > > > > > and also > > > getent group <groupname> > > > > > > where <groupname> is the name that is SUPPOSED to match GID 1134. > > > > I've just realised that once I've manually looked up the group using > > the name, the id command is 'fixed': > > > > [root@newton ~]# getent group 1134 > > [root@newton ~]# getent group svn-wfdb-swig-matlab > > svn-wfdb-swig-matlab:*:1134:ikaro,djscott > > [root@newton ~]# getent group 1134 > > svn-wfdb-swig-matlab:*:1134:ikaro,djscott > > [root@newton ~]# id djscott > > uid=768(djscott) gid=1002(legacy-group) > > groups=1002(legacy-group),1134(svn-wfdb-swig-matlab),1130,1118,1103,1108,1113,789600001(ipausers),1102,1109,1129,1111 > > > > The initial getent returned no data. But the group info seems OK once > > I've done one lookup. > > > > That's weird, id runs getgrgid() on each of the returned group GIDs >
I know what's going on here. It was a stupid glibc screw-up in Fedora 16. Remove the line starting with "initgroups: " from your /etc/nsswitch.conf file. See https://bugzilla.redhat.com/show_bug.cgi?id=751450 for more details.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
