On Mon, Jul 23, 2018 at 11:08:54AM -0400, sssdusers.20.retin...@spamgourmet.com wrote: > Unfortunately it seems to not be so easy: > rtadmin@ubt18-test:~$ cat /etc/nsswitch.conf > ... > #passwd: compat systemd sss > #group: compat systemd sss > passwd: files sss > group: files sss > shadow: files sss > gshadow: files > ... > rtadmin@ubt18-test:~$ getent passwd user1 > user1:*:30335:33111:User One:/users/user1:/bin/bash > rtadmin@ubt18-test:~$ groups user1 > user1 : unix_users groups: cannot find name for group ID 33118 > 33118 > > Curiously, when I did `getent passwd user1` it seems to have resolved and > cached the primary group, but not any secondary groups. > > Discussing `sss_cache -E`, > rtadmin@ubt18-test:~$ sudo sss_cache -E > rtadmin@ubt18-test:~$ groups user1 > user1 : groups: cannot find name for group ID 33111 > 33111 groups: cannot find name for group ID 33118 > 33118 > rtadmin@ubt18-test:~$ groups user2 > user2 : groups: cannot find name for group ID 33111 > 33111 > rtadmin@ubt18-test:~$ getent passwd user2 > user2:*:30255:33111:User Two:/users/user2:/bin/bash > rtadmin@ubt18-test:~$ groups user2 > user2 : groups: cannot find name for group ID 33111 > 33111 > # (note that user2 is not in group 33118.)
There are two issues. One is that initgroups does not find the supplementary groups and the other that the group ID cannot be resolved. For both it would be nice to see the logs, but since you were modifying nsswitch.conf -- is there an initgroups: line there at all? If not, it's fine because libc falls back to the groups: line, but if initgroups: is specified, it must contain sss as well. > > -- and that also shoots down my assumption regarding `getent passwd <user>` > causing the primary group to be cached. > > > > On Fri, Jul 20, 2018 at 5:55 PM, Joakim Tjernlund - > joakim.tjernl...@infinera.com < > sssdusers.retinkab.d133d58ee0.Joakim.Tjernlund#sssd-users@lists.fedorahosted.org> > wrote: > > > Start with replacing compat with files in nsswitch.conf > > > > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/WNJZ6NRRSSN5UBVXSP34OUPVNMYDGVX2/ _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/XYYPS4JKVNRLJKOBUNI46A7SDMSA2RCF/
