Hey Jakub, getent passwd returns all of the IPA users when searching by either the username or the UID. Yes, I know that permissions are defined by UID/GID; I used a new UID that has not been previously used for this new account for this test.
Good to know, I disabled the nscd service. Here is the output of the strace for chown on a directory. execve("/bin/chown", ["chown", "wpooh", "/home/wpooh"], [/* 32 vars */]) = 0 brk(0) = 0x1095000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b698000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0 mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000 close(3) = 0 open("/lib64/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\341\0044\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1918016, ...}) = 0 mmap(0x3404e00000, 3741864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3404e00000 mprotect(0x3404f89000, 2093056, PROT_NONE) = 0 mmap(0x3405188000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x188000) = 0x3405188000 mmap(0x340518d000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x340518d000 close(3) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b674000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b673000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b672000 arch_prctl(ARCH_SET_FS, 0x7f5f4b673700) = 0 mprotect(0x3405188000, 16384, PROT_READ) = 0 mprotect(0x340481f000, 4096, PROT_READ) = 0 munmap(0x7f5f4b675000, 142486) = 0 brk(0) = 0x1095000 brk(0x10b6000) = 0x10b6000 open("/usr/lib/locale/locale-archive", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0 mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f457e1000 close(3) = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 socket(PF_FILE, 
SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 open("/etc/nsswitch.conf", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=1734, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000 read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1734 read(3, "", 4096) = 0 close(3) = 0 munmap(0x7f5f4b697000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0 mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000 close(3) = 0 open("/lib64/libnss_files.so.2", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0 mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f455d3000 mprotect(0x7f5f455df000, 2097152, PROT_NONE) = 0 mmap(0x7f5f457df000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f5f457df000 close(3) = 0 mprotect(0x7f5f457df000, 4096, PROT_READ) = 0 munmap(0x7f5f4b675000, 142486) = 0 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC) fstat(3, {st_mode=S_IFREG|0644, st_size=3404, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000 read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3404 read(3, "", 4096) = 0 close(3) = 0 munmap(0x7f5f4b697000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0 mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000 close(3) = 0 open("/lib64/libnss_ldap.so.2", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\25\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=44328, ...}) = 0 mmap(NULL, 2139496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 
3, 0) = 0x7f5f453c8000 mprotect(0x7f5f453d3000, 2093056, PROT_NONE) = 0 mmap(0x7f5f455d2000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f5f455d2000 close(3) = 0 munmap(0x7f5f4b675000, 142486) = 0 socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0 mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000 close(3) = 0 open("/lib64/libnss_sss.so.2", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \22\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=23792, ...}) = 0 mmap(NULL, 2119312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f451c2000 mprotect(0x7f5f451c8000, 2093056, PROT_NONE) = 0 mmap(0x7f5f453c7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f5f453c7000 close(3) = 0 munmap(0x7f5f4b675000, 142486) = 0 getpid() = 20913 fstat(-1, 0x7fff2d84dca0) = -1 EBADF (Bad file descriptor) socket(PF_FILE, SOCK_STREAM, 0) = 3 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR) fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(3, F_GETFD) = 0 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 connect(3, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0 fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0 poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}]) write(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16 poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}]) write(3, "\1\0\0\0", 4) = 4 poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16 poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "\1\0\0\0", 4) = 4 poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}]) write(3, 
"\26\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16 poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}]) write(3, "wpooh\0", 6) = 6 poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "J\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16 poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "\1\0\0\0\0\0\0\0(\n\0\0\320\7\0\0wpooh\0*\0Winnie P"..., 58) = 58 newfstatat(AT_FDCWD, "/home/wpooh", {st_mode=S_IFDIR|S_ISUID|S_ISGID|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 fchownat(AT_FDCWD, "/home/wpooh", 2600, 4294967295, 0) = -1 EINVAL (Invalid argument) open("/usr/share/locale/locale.alias", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000 read(4, "# Locale name alias data base.\n#"..., 4096) = 2512 read(4, "", 4096) = 0 close(4) = 0 munmap(0x7f5f4b697000, 4096) = 0 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=435, ...}) = 0 mmap(NULL, 435, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f5f4b697000 close(4) = 0 write(2, "chown: ", 7) = 7 write(2, "changing ownership of `/home/wpo"..., 35) = 35 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, ": Invalid argument", 18) = 18 write(2, "\n", 1) = 1 close(1) = 0 close(2) = 0 close(3) = 0 exit_group(1) = ? Thanks, Matt -----Original Message----- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Jakub Hrozek Sent: Thursday, April 16, 2015 10:25 AM To: freeipa-users@redhat.com Subject: EXTERNAL: Re: [Freeipa-users] Usernames not being seen on IPA Master On Thu, Apr 16, 2015 at 01:13:56PM +0000, Joseph, Matthew (EXP) wrote: > Hello, > > I'm running into an issue where a new user account created on the master > server is not being seen for changing file permissions and such. Is the new user visible on the master itself via the standard system interfaces (getent passwd $newuser, id $user) ? > I can login using the newly created user account but when I try to change > permissions on a file/directory it comes up with the following error; > Chown: changing ownership of 'username' : Invalid argument Can you strace the chown invocation so that we're sure what part really fails? > > Now if I go to my replica IPA server it works fine. > > I deleted the user and created it again with the same username, gave the > account a different UID and when I tried to permission the directory again it > states the same error as above. Please note that file ownership is defined by IDs, not usernames, so if you recreate a user with different ID, you need to chown all his previously used files. 
> I changed the permissions on the replica server and went back to the master > and looked at the permissions of the directory and it's showing the old UID. > I can login as the new user and the permissions are fine, the user can create > and modify files in that directory. > > When I run ipa user-find --all --raw username it brings up all of the correct > information that I entered for the account. > I searched for the old UID that was used with this account before but it > doesn't seem to exist in IPA. > > I've tried restarting the IPA service and remounting the directory that > contains the required folders but with no luck. > I cleared the SSSD and the NSCD cache. Using nscd along with SSSD is discouraged. We recommend disabling nscd, at least for the maps that SSSD caches. SSSD provides its own fast in-memory cache, so you won't lose performance. > > Does IPA have another cache that needs to be cleared or anything like that? > > > Thanks, > > Matt > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project