Jakub wrote in comment #1 > Is the behaviour reproducable within a single SSSD session? > In other words, if you log in after the ten seconds have > passed and the getent command reports correct group > memberships, does "groups" still show wrong membership?
Sorry, Jakub, I didn't answer this question in my first reply to your comment. As Stephen has just pointed out, the output of "groups" doesn't ever change. It reports information collected at login time. The output of "groups foo" does change ten seconds after restarting sssd. root@ellen:/# su foo foo@ellen:/$ groups domusers foo@ellen:/$ groups foo foo : domusers foo@ellen:/$ # Restart sssd here foo@ellen:/$ groups domusers foo@ellen:/$ groups foo foo : domusers foo@ellen:/$ # Wait ten seconds foo@ellen:/$ groups domusers foo@ellen:/$ groups foo foo : domusers devel publish domadmins foo@ellen:/$ Logging in again causes foo to disappear again from all but one group. foo@ellen:/$ exit exit root@ellen:/# su foo foo@ellen:/$ groups domusers foo@ellen:/$ groups foo foo : domusers -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1049186 Title: sssd forgets group memberships of foo when foo logs in; remembers them after ten seconds after restarting sssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1049186/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
