-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi List,
I am running into some odd issues with IPA and users not inheriting all groups they are a member of. I spent a lot of time nesting groups so that when we add a user all of the groups they need with one group setting (a boon for automation). However I am finding a small percentage of users who are in the proper groups in IPA but the server does not pick up all the groups involved, until I add those specific users to the group in question. For clarity: 1) Most users inherit groups fine 2) A small percentage (2-3% discovered so far) Do not inherit one or more of the needed groups. 3) Work around found by adding users directly to group instead of nested in proper group (though less than ideal) Versions Client: Linux 2.6.32-431.11.2.el6.x86_64 #1 SMP x86_64 GNU/Linux ipa-client-3.0.0-37.el6.x86_64 libsss_sudo-1.9.2-129.el6_5.4.x86_64 libsss_idmap-1.9.2-129.el6_5.4.x86_64 libsss_autofs-1.9.2-129.el6_5.4.x86_64 sssd-client-1.9.2-129.el6_5.4.x86_64 sssd-1.9.2-129.el6_5.4.x86_64 Servers (both identical): Linux 2.6.32-431.17.1.el6.x86_64 #1 SMP x86_64 GNU/Linux ipa-server-3.0.0-37.el6.x86_64 sssd-client-1.9.2-129.el6_5.4.x86_64 libsss_autofs-1.9.2-129.el6_5.4.x86_64 libsss_idmap-1.9.2-129.el6_5.4.x86_64 sssd-1.9.2-129.el6_5.4.x86_64 Thanks, Bill G. CENIC www.cenic.org -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJT2sZjAAoJEJFMz73A1+zr4NIP+QEjmG5EgwLAHhEUPIp9znxp EgJR2xRFl9I+WRh2L1+y5MDGiJwTPCSwak6IRRchbfXNkPNt8xND27LjG5mWynxT kG1nwxF2aczXlUkaA2GDO5524Dj7MwULUoum8xN5Br0VzL9fAblH4Gzh+ZeSZr2W g7r2LelucygELaxQxP8Q/aBoDGnZMlQSahB36MaOwy4wQ+2E/Bp7scShFerBdqaK kRcXRNlGAMtGkOpLT7sf7WYMcVWcY6EX8ZoTB36qucia5C+oGY0psAkaYgJw0tC9 Aht0rj+ZJZqVKoTa1iybfTnfxwrokxFPM1VMOYrXZrWrq1M97KKoPK/mqKoC9spA leNcSJ8yjtTXEFS4RPI4kA9VrujF+4qvKIwZ4EM4Fli2zaFhwmeywtrP/SAMmAGO fbqkEYn4MWrqpRXFSFGpqiycCnXGINMVJkWCWPN89lWX7124cDZJi5PpzAhukWk3 a6Diycia60oY8iAcDqDejO2mXFLO+5iJ+Xaxlr0noKXvMhV1qIEpVNR3wuqcF43W aByAuhvmEhKfJFM4IaZcYI3E8ozblLmY2RH+q5r4vRHWd+10eN+TKhN/kDOEY9gp ELOZ0kxgKkYICJc4gL0VW2fQiVDwQ+2O8LgmLeGOpcic8Yp3yUoEzX+5Z1frVFU5 iGIDDYYNNXU6OmbOOuv+ =MI8L -----END PGP SIGNATURE----- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
