On Mon, Jun 03, 2013 at 09:22:21PM -0400, Aly Khimji wrote: > Hey guys, > > Just wanted to say thank you for all your support with everything and > answering all my questions. > > Just wanted to show you something, maybe you can shed some light.. > Below is my self running the ID command on 2 different nodes (1) the IDM > server and the other the IDM client. I get two different results of my user > ID, the client being correct and the server not having the correct groups > displaying with the ID, and even having one that has been deleted. > > Is there someplace this information in cached? or I can set an invalidator > so that the information is pulled down or is forced to expire quicker so > its checked from AD? > > CLIENT: > -sh-4.1$ hostname > rhidmclient.nix.corpnonprd.xxxx.com > -sh-4.1$ id > uid=59401108([email protected]) gid=59401108( > [email protected]) > groups=59401108([email protected]),59400512(domain > [email protected]), > 59400513(domain [email protected]),59401123( > [email protected]), > 162200012(mirra-supapp-admin-nix-cde) > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > > SERVER: > didmsvrua01.nix.corpnonprd.xxxx.com > [root@didmsvrua01 ~]# id akhimji@corpnonprd > uid=59401108([email protected]) gid=59401108( > [email protected]) > groups=59401108([email protected]),59400513,59400513,59401113( > [email protected]) > > just a note this group [59401113([email protected])] was deleted on > AD, and correctly doesn't show up on the client, but remains in the server.
Group-memberships are cached for some time by SSSD so I would guess you see cached data on the server. But during authentication the group-memberships of a user are updated. Can you check if [email protected] does away if you log in with akhimji@corpnonprd on the server? bye, Sumit > > Please let me know if you need more info (eg logs, etc..) > > Thx > > Aly > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
