I've noticed that trusted users supplementary ad groups don't show up until after the users login to the box at least once. Is there a chance that information will be dropped again at any point going forward?
The reason I ask is that on our sftp boxes we chroot users based on group membership. I set that up as an external group in freeIPA and the first time the user logs in to the sftp box, they are dropped in their normal home directory as opposed to the chroot environment. If there is a chance the group membership will not show up correctly again in the future, I'm inclined to change the chroot stanzas to match on user as opposed to group. Is that by design? Running sssd-ipa-1.11.6-30.el6_6.4.x86_64 ipa-client-3.0.0-42.el6.x86_64 on RHEL6x clients against a RHEL7 4.1 ipa server thanks -andy *** This communication may contain privileged and/or confidential information. It is intended solely for the use of the addressee. If you are not the intended recipient, you are strictly prohibited from disclosing, copying, distributing or using any of this information. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. *** -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project