On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose <sb...@redhat.com> wrote:
> On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote:
> > I have 300 out of 3000 users whose /home/<username> dir shows uid and gid
> > instead of username and groupname.
> >
> > It seems to be behaving like a bug
> >
> > As soon as I become a user with `sudo su - username' the uid of the home dir
> > changes to username but gid still does not change to groupname.
> >
> > I also get an error message, but still successfully become that user
> >
> > $ ls -ld /home/mbniels
> > drwx------. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels
> >
> > $ su - mbniels
> > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39
> > /usr/bin/id: cannot find name for group ID 80974
> > groups: cannot find name for group ID 80974
> >
> > $ ls -ld /home/mbniels
> > drwx------. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels
> >
> > Then to check the groups of username I get another error which then gets
> > cleared by the next command.
> >
> > $ groups mbniels
> > mbniels : groups: cannot find name for group ID 80974
> > 80974 users
> >
> > $ getent group mbniels
> > mbniels:*:80974
> >
> > $ groups mbniels
> > mbniels : mbniels users
> >
> > It also fixes the gid to groupname
> >
> > $ ls -ld /home/mbniels/
> > drwx------. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/
> >
> > I noticed it reverts, maybe within half an hour, not exactly sure when.
> > Almost behaves like `quantum entanglement'.
> > As soon as I try to check by trying to become that user the issue
> > disappears.
> >
> > This is not just a cosmetic issue; when the home dir shows ownership with
> > uid, instead of username, the user fails some commands.
> >
> > We just started noticing today, since we just built this box only a few
> > months ago and users are being invited to start using this server
> >
> > Some annoying error it is showing like below and the user then fails to ssh
> >
> > $ ssh remote
> > No user exists for uid 80974
> >
> > I am using centos 7 and sssd 1.15.2
> >
> > $ cat /etc/redhat-release
> > CentOS Linux release 7.4.1708 (Core)
> >
> > $ sssd --version
> > 1.15.2
> >
> > Here are some relevant logs
> > https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA
>
> It looks like you are not using a plain RFC2307bis LDAP schema. Can you
> send your sssd.conf and a typical LDAP user and group object?
>
> bye,
> Sumit

I am using rfc2307bis

Here is the sssd.conf (sanitized)

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss,pam,sudo
domains = LDAP

[nss]
reconnection_retries = 3
filter_groups = root,wheel
filter_users = root

[pam]
reconnection_retries = 3
offline_credentials_expiration = 0
pam_verbosity = 3

[sudo]

[domain/LDAP]
chpass_provider = ldap
access_provider = ldap
id_provider = ldap
case_sensitive = False
ldap_schema = rfc2307bis
ldap_search_base = ou=People,dc=example,dc=com
ldap_uri = ldaps://192.168.1.100, ldaps://192.168.1.101
ldap_access_order = filter
ldap_access_filter = (&(objectClass=mnetPerson)(nationnumber=USA))
ldap_user_uid_number = mnetid
ldap_user_gid_number = mnetid
ldap_group_gid_number = mnetid
ldap_group_object_class = inetOrgPerson
ldap_user_object_class = mnetPerson
ldap_user_fullname = uid
ldap_group_name = uid
ldap_network_timeout = 3
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/ssl/certs/hostca.cer
ldap_chpass_update_last_change = true
ldap_pwd_policy = none
ldap_account_expire_policy = none
ldap_default_authtok_type = password
ldap_default_bind_dn = uid=binduid,ou=people,dc=example,dc=com
ldap_default_authtok = secretsanitized
auth_provider = ldap
krb5_server = 192.168.1.102:88, 192.168.1.103:88
krb5_backup_server = 192.168.1.102
krb5_realm = IT.INTRANET
krb5_auth_timeout = 15
cache_credentials = true
default_shell = /bin/bash
override_homedir = /home/%u

> > Appreciate any help

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org