On Wed, Feb 27, 2013 at 01:36:58PM +0000, Longina Przybyszewska wrote: > > On Wed, Feb 27, 2013 at 10:11:03AM +0000, Longina Przybyszewska wrote: > > > ------------------ > > Another problem - with group IDs: > > > > After login to the terminal, I get the long list of warnings for all > > groups 1172xxxxx - it really delays login, as the list is long. Do I miss > > some config options ? > > > > su - testuser > > ... > > groups: cannot find name for group ID XXXXXXX ... > > > > >>That's quite suspicious. How deep is your nesting structure? Are the groups > >>that you only see numbers for two or more levels deep? The only known bug > >>that could be related is > >>https://fedorahosted.org/sssd/ticket/1755 > > >>can you try setting ldap_group_nesting_level to a higher number to check if > >>the issue is resolved? > > How can I find out about the nesting structure in AD? > > I tried with nesting_level 3|4|5 > > It doesn't help for login issue - the same long list for all nesting levels > of from command > > su - testuser > > > The number of groups listed in 'id ' command changes with 'nesting_level': > > (Nesting level =5) > alongina@victoria:~$ id -G testuser > 332400513 > alongina@victoria:~$ id -G -n testuser > domain users > alongina@victoria:~$ id testuser > uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain > users) > > (nesting level=4) > > alongina@victoria:~$ id -G testuser > 332400513 332411734 332411220 332411221 332405659 332410635 332403786 > 332403699 332407177 332408204 332408312 332406100 332408307 332413664 > 332402685 332402830 332411184 > alongina@victoria:~$ id -G -n testuser > domain users data-nat-nat-it-groupdrive rw nat-fnc-pri-setdiscription > nat-pri-setcomputerdesc imada-terminal-users nat-it-outlook-admin > nat-terminal-users terminal brugere dl-nat-it-staff nat-it-ansatte > nat-it-ad-hoc nat-esignatur dl-nat-it nat-ctxusers common_users nat-lectures > nat-booking > alongina@victoria:~$ id testuser > uid=332405654(longina) gid=332400513(domain users) groups=332400513(domain > users),332411734(data-nat-nat-it-groupdrive > rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(imada-terminal-users),332410635(nat-it-outlook-admin),332403786(nat-terminal-users),332403699(terminal > > brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),332408312(nat-it-ad-hoc),332406100(nat-esignatur),332408307(dl-nat-it),332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking) > > > It depends somehow on cache. > Just after emptying cache I get the very long listing. > > root@victoria:/var/lib/sss/db# service sssd stop > sssd stop/waiting > root@victoria:/var/lib/sss/db# \rm -rf * > root@victoria:/var/lib/sss/db# service sssd start > sssd start/running, process 3635 > root@victoria:/var/lib/sss/db# id testuser > uid=332405654(testuser) gid=332400513(domain users) groups=332400513(doma > in users),332402685(common_users),1172668083,1172671850,1172626924,11726 > 70697,1172632585,1172657894,1172647528,1172673996,1172630281,1172650784, > 1172649006,1172646018,1172626637,1172668082,1172647518,332406100(nat-esi > gnatur),332403786(nat-terminal-users),1172647527,332405659(imada-termina > l-users),1172647519,1172671034,1172652129,1172650787,1172608193,11726460 > 19,1172649007,1172645844,1172630472,1172648739,1172645167,332402830(nat- > lectures),1172649004,1172649400,1172671853,1172650786,332408307(dl-nat-i > t),1172645166,1172645845,988802256,1172651920,1172649005,1172659655,1172 > 606592,1172647852,1172633504,1172667765,1172666809,1172645842,1172649046 > ,1172667764,1172647523,1172626846,1172633505,1172645161,1172658369,11726 > 45843,1172616454,1172607216,332411221(nat-pri-setcomputerdesc),117265924 > 9,332410635(nat-it-outlook-admin),1172645163,1172644173,1172670698,98880 > 3287,1172645162,1172645841,1172659248,1172666810,1172659262,1172626838,1 > 172647520,988807606,1172626843,332411220(nat-fnc-pri-setdiscription),117 > 2612780,1172649045,1172645152,1172645147,1172626938,1172658370,117265836 > 5,1172630586,1172649398,1172627322,332413664(nat > -ctxusers),1172607213,1172626943,1172649060,1172681172,332408204(nat-it-ansatte),1172632583,1172658364,1172626827,332407177(dl-nat-it-staff),1172658371,1172653861,1172645344,332403699(terminal > > brugere),1172649061,1172645146,1172632578,1172671847,1172626940,1172626841,1172648741,1172649062,1172632579,1172658363,1172627278,1172645150,1172653860,332411184(nat-booking),332408312(nat-it-ad-hoc),1172632582,1172645145,1172671028,1172645144,1172627767,1172626935,1172632581,1172672165,1172645151,1172671032,332411734(data-nat-nat-it-groupdrive > > rw),1172657810,1172612322,1172650789,1172648253,1172657811,1172681132,1172648254,1172649064,1172627766,1172645974,1172672164,1172671286,1172632580,1172648736,1172679679,1172622933,1172679716,1172645975,1172671030,1172620701,1172681776,1172650191,1172648735 > > The same command issued immediately again produces different output: > > id testuser > uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain > users),1172649061,1172649062,1172649064,1172650191,1172650789,1172651920,1172653860,1172653861,1172657810,1172657811,1172657894,1172658363,1172658371,1172668083,1172670697,1172671028,1172671030,1172671032,1172671286,1172671847,1172671850,1172672164,1172672165,1172679679,1172679716,1172681132,1172681776,332411734(data-nat-nat-it-groupdrive > > rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(imada-terminal-users),332410635(nat-it-outlook-admin),332403786(nat-terminal-users),332403699(terminal > > brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),332408312(nat-it-ad-hoc),332406100(nat-esignatur),332408307(dl-nat-it),332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking) > > > Longina
OK, this sounds like some kind of a bug. Can you try removing all caches, including the memory cache (rm -f /var/lib/sss/db/cache_*.ldb /var/lib/sss/mc/*), raise debugging in the [domain] section and attach /var/log/sssd/sssd_$domain.log ? That should help identify why we are not resolving all the gids. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
