[Sorry for the delay following up on this...]
On 5/14/12 3:32 AM, Jan Zelený wrote:
You are correct. The object is expired but the problem is that your queries
for mock group don't reach SSSD, thus making it unable to refresh the record.
Try getent -s sss group mock, that might do the trick.
A
On 5/11/12 10:22 AM, Stephen Gallagher wrote:
On Fri, 2012-05-11 at 10:19 -0400, Braden McDaniel wrote:
As I mentioned at the top of the thread, I changed the local group GID
on the Fedora 16 installation to 989 (from 990) to match the Fedora 17
installation. Things appear to be working fine
run ldbsearch -H
> /var/lib/sss/db/cache_.ldb and paste me the object
> representing the user? You can also look if there is a group object with GID
> 990 just to be sure.
I think we're onto something here. The object for my user:
dn: name=braden,cn=users,cn=default,cn=
nd still the user appears to be
> > a member of pulse-access (rather than mock).
>
> And when you run getent group mock, the GID is correct or still wrong?
$ getent group mock
mock:x:989:
That's correct (that is, it's consistent with that's in LDAP); but it
was correct b
ory cache to expire
> as well (or you can just restart SSSD).
Sounds promising... but I tried that (as well as -U and -N), restarted
sssd, logged out and logged back in... and still the user appears to be
a member of pulse-access (rather than mock).
--
p with GID 990; and now the group *name* is being got from
LDAP, associated with the old GID, and that old GID is being conveyed to
tools that (rightfully) associate GID 990 with the local pulse-access
group.
Can anyone shed some light on what might be happening here?
--
Braden McDaniel
___
On Tue, 2012-04-17 at 13:18 -0400, Dmitri Pal wrote:
> On 04/17/2012 01:59 AM, Jakub Hrozek wrote:
> > On Mon, Apr 16, 2012 at 10:35:57PM -0400, Braden McDaniel wrote:
> >> Is it the case that local authentication, if available, is simply
> >> preferred to Kerberos?
On Mon, 2012-04-16 at 09:19 -0400, Dmitri Pal wrote:
> On 04/16/2012 01:29 AM, Braden McDaniel wrote:
> > On Sun, 2012-04-15 at 15:37 -0400, Braden McDaniel wrote:
> >
> >> I've had more or less the same experience upon a fresh install of the
> >> Fedor
On Sun, 2012-04-15 at 15:37 -0400, Braden McDaniel wrote:
> I've had more or less the same experience upon a fresh install of the
> Fedora 17 prerelease on a different machine.
This one's working fine, now; I had forgotten to add a host principal
for the machine.
The Fedora 1
On Sun, 2012-04-15 at 20:24 +0200, Jakub Hrozek wrote:
> On Fri, Apr 13, 2012 at 11:51:01PM -0400, Braden McDaniel wrote:
> > I have set up Kerberos and OpenLDAP on Fedora 16. For the most part,
> > things seem to be working; I can use "kinit" to get a Kerberos ticket.
nfig-authentication", the authentication method is set to
"Kerberos password". Where should I be looking to see what's missing?
--
Braden McDaniel
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
11 matches
Mail list logo
