On Fri, Jan 27, 2012 at 11:47:01AM -0500, Dan Scott wrote: > Hi, > > On Fri, Jan 27, 2012 at 10:48, Stephen Gallagher <[email protected]> wrote: > > On Fri, 2012-01-27 at 10:36 -0500, Dan Scott wrote: > >> Hi, > >> > >> I have a Fedora 16 client running sssd-client-1.6.4-1.fc16.x86_64. > >> > >> When I run, e.g. id djscott, I do not get the names of the groups: > >> > >> -bash-4.2$ id djscott > >> uid=768(djscott) gid=1002(legacy-group) > >> groups=1002(legacy-group),1134,1130,1118,1103,1108,1113,789600001(ipausers),1102,1109,1129,1111 > >> > >> Is this because they have low GIDs? (These were migrated over from my > >> old FreeIPA 1 installation and I'd rather not re-number them all). > >> > >> Can someone help me to figure out how to retrieve the group names? > >> This is working fine on the Fedora 15 clients (sssd-1.5.x). > > > > > > This looks to me like you didn't migrate all of the groups. GIF 1002 and > > 789600001 are both reporting the names correctly, so clearly the client > > is able to access the FreeIPA server and retrieve groups. > > It's working fine with Fedora 15 clients, so I think that the groups > were migrated OK. > > > Please try the following and report the results: > > > > getent group 1134 > > > > and also > > getent group <groupname> > > > > where <groupname> is the name that is SUPPOSED to match GID 1134. > > I've just realised that once I've manually looked up the group using > the name, the id command is 'fixed': > > [root@newton ~]# getent group 1134 > [root@newton ~]# getent group svn-wfdb-swig-matlab > svn-wfdb-swig-matlab:*:1134:ikaro,djscott > [root@newton ~]# getent group 1134 > svn-wfdb-swig-matlab:*:1134:ikaro,djscott > [root@newton ~]# id djscott > uid=768(djscott) gid=1002(legacy-group) > groups=1002(legacy-group),1134(svn-wfdb-swig-matlab),1130,1118,1103,1108,1113,789600001(ipausers),1102,1109,1129,1111 > > The initial getent returned no data. But the group info seems OK once > I've done one lookup. >
That's weird, id runs getgrgid() on each of the returned group GIDs > Maybe the sssd cache is corrupt/out-of-date? How can I refresh it? WARNING: removing the cache would remove the cached passwords service sssd stop rm -f /var/lib/sss/db/cache*.ldb service sssd start If the group names still wouldn't show up, can you post logs when performing the id command? SSSD 1.7 contains a much more user-friendly way to just mark the entries in cache as expired using the sss_cache command. > > Thanks, > > Dan > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
