Jakub, Thanks for the follow up.
We try and stick to standard rhel/epel repo's (due to policy) so I am not able to install a non-standard version of sssd. I have decided to disable the User Private Group plugin and convert ipausers to a posix group. There was nothing I could see that required us to use UPG's. This setup is working for me now. Thanks, Les > -----Original Message----- > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users- > boun...@redhat.com] On Behalf Of Jakub Hrozek > Sent: Tuesday, 14 July 2015 6:42 PM > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] freeipa and User Private Groups > > On Mon, Jul 13, 2015 at 09:11:09AM +0000, Les Stott wrote: > > Hi All, > > > > Running ipa-3.0.0-42.el6 and sssd-1.11.6-30.el6_6.3.x86_64 > > > > So, by default, when you create a user in freeipa, That user will be set to > have a primary group that is hidden and not a POSIX group. > > > > This means that when the user logs in to a host, they will see something > like... > > > > id: cannot find name for group ID <group_number> > > It is not expected to not be able to return the name of the user group and I > don't see that in my setup. I was suspecting rhbz#1165074 but your sssd > should already have that bug fixed. > > Can you see if the packages from > https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12/ > also show that behaviour? > > If yes, can you get us sssd logs as described here: > https://fedorahosted.org/sssd/wiki/Troubleshooting > > > > > running the id command shows no name returned for this group. > > > > I understand you can disable private groups globally, however it is > discouraged. I also realise you can simply create POSIX groups when creating > users. > > > > In the spirit of trying to stick with the defaults.... > > > > Is there a way to avoid the login error where id can't retrieve the group > name from a UPG? > > > > Thanks, > > > > Les > > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project