Re: [Freeipa-users] Fedora 16 client not getting group names
On Fri, 2012-01-27 at 10:36 -0500, Dan Scott wrote: Hi, I have a Fedora 16 client running sssd-client-1.6.4-1.fc16.x86_64. When I run, e.g. id djscott, I do not get the names of the groups: -bash-4.2$ id djscott uid=768(djscott) gid=1002(legacy-group) groups=1002(legacy-group),1134,1130,1118,1103,1108,1113,78961(ipausers),1102,1109,1129, Is this because they have low GIDs? (These were migrated over from my old FreeIPA 1 installation and I'd rather not re-number them all). Can someone help me to figure out how to retrieve the group names? This is working fine on the Fedora 15 clients (sssd-1.5.x). This looks to me like you didn't migrate all of the groups. GIF 1002 and 78961 are both reporting the names correctly, so clearly the client is able to access the FreeIPA server and retrieve groups. Please try the following and report the results: getent group 1134 and also getent group groupname where groupname is the name that is SUPPOSED to match GID 1134. signature.asc Description: This is a digitally signed message part ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Fedora 16 client not getting group names
On Fri, Jan 27, 2012 at 11:47:01AM -0500, Dan Scott wrote: Hi, On Fri, Jan 27, 2012 at 10:48, Stephen Gallagher sgall...@redhat.com wrote: On Fri, 2012-01-27 at 10:36 -0500, Dan Scott wrote: Hi, I have a Fedora 16 client running sssd-client-1.6.4-1.fc16.x86_64. When I run, e.g. id djscott, I do not get the names of the groups: -bash-4.2$ id djscott uid=768(djscott) gid=1002(legacy-group) groups=1002(legacy-group),1134,1130,1118,1103,1108,1113,78961(ipausers),1102,1109,1129, Is this because they have low GIDs? (These were migrated over from my old FreeIPA 1 installation and I'd rather not re-number them all). Can someone help me to figure out how to retrieve the group names? This is working fine on the Fedora 15 clients (sssd-1.5.x). This looks to me like you didn't migrate all of the groups. GIF 1002 and 78961 are both reporting the names correctly, so clearly the client is able to access the FreeIPA server and retrieve groups. It's working fine with Fedora 15 clients, so I think that the groups were migrated OK. Please try the following and report the results: getent group 1134 and also getent group groupname where groupname is the name that is SUPPOSED to match GID 1134. I've just realised that once I've manually looked up the group using the name, the id command is 'fixed': [root@newton ~]# getent group 1134 [root@newton ~]# getent group svn-wfdb-swig-matlab svn-wfdb-swig-matlab:*:1134:ikaro,djscott [root@newton ~]# getent group 1134 svn-wfdb-swig-matlab:*:1134:ikaro,djscott [root@newton ~]# id djscott uid=768(djscott) gid=1002(legacy-group) groups=1002(legacy-group),1134(svn-wfdb-swig-matlab),1130,1118,1103,1108,1113,78961(ipausers),1102,1109,1129, The initial getent returned no data. But the group info seems OK once I've done one lookup. That's weird, id runs getgrgid() on each of the returned group GIDs Maybe the sssd cache is corrupt/out-of-date? How can I refresh it? WARNING: removing the cache would remove the cached passwords service sssd stop rm -f /var/lib/sss/db/cache*.ldb service sssd start If the group names still wouldn't show up, can you post logs when performing the id command? SSSD 1.7 contains a much more user-friendly way to just mark the entries in cache as expired using the sss_cache command. Thanks, Dan ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Fedora 16 client not getting group names
On Fri, 2012-01-27 at 17:57 +0100, Jakub Hrozek wrote: On Fri, Jan 27, 2012 at 11:47:01AM -0500, Dan Scott wrote: Hi, On Fri, Jan 27, 2012 at 10:48, Stephen Gallagher sgall...@redhat.com wrote: On Fri, 2012-01-27 at 10:36 -0500, Dan Scott wrote: Hi, I have a Fedora 16 client running sssd-client-1.6.4-1.fc16.x86_64. When I run, e.g. id djscott, I do not get the names of the groups: -bash-4.2$ id djscott uid=768(djscott) gid=1002(legacy-group) groups=1002(legacy-group),1134,1130,1118,1103,1108,1113,78961(ipausers),1102,1109,1129, Is this because they have low GIDs? (These were migrated over from my old FreeIPA 1 installation and I'd rather not re-number them all). Can someone help me to figure out how to retrieve the group names? This is working fine on the Fedora 15 clients (sssd-1.5.x). This looks to me like you didn't migrate all of the groups. GIF 1002 and 78961 are both reporting the names correctly, so clearly the client is able to access the FreeIPA server and retrieve groups. It's working fine with Fedora 15 clients, so I think that the groups were migrated OK. Please try the following and report the results: getent group 1134 and also getent group groupname where groupname is the name that is SUPPOSED to match GID 1134. I've just realised that once I've manually looked up the group using the name, the id command is 'fixed': [root@newton ~]# getent group 1134 [root@newton ~]# getent group svn-wfdb-swig-matlab svn-wfdb-swig-matlab:*:1134:ikaro,djscott [root@newton ~]# getent group 1134 svn-wfdb-swig-matlab:*:1134:ikaro,djscott [root@newton ~]# id djscott uid=768(djscott) gid=1002(legacy-group) groups=1002(legacy-group),1134(svn-wfdb-swig-matlab),1130,1118,1103,1108,1113,78961(ipausers),1102,1109,1129, The initial getent returned no data. But the group info seems OK once I've done one lookup. That's weird, id runs getgrgid() on each of the returned group GIDs I know what's going on here. It was a stupid glibc screw-up in Fedora 16. Remove the line starting with initgroups: from your /etc/nsswitch.conf file. See https://bugzilla.redhat.com/show_bug.cgi?id=751450 for more details. signature.asc Description: This is a digitally signed message part ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
