On Mon, Mar 03, 2014 at 02:01:52PM -0500, Steve Dainard wrote: > Hi Jakub, id info from earlier response: > > > Very interesting, my IPA group membership in ad_admins isn't > > shown by > > that command on first run (new login) > > > > [email protected]@__ubu1310:~$ id sdainard-admin > > uid=799002462(sdainard-admin@__miovision.corp) > > gid=799002462(sdainard-admin@__miovision.corp) > > groups=799002462([email protected]),__ > 799001380([email protected]),__ > 799001417([email protected]),__799000519(enterprise > > [email protected]),__799001416(hr-share-access@__ > miovision.corp),799000512(__domain > > [email protected]),__799000513(domain > > [email protected]),__799002464(it - > > [email protected]),__799002469(kloperators@__ > miovision.corp),799002468([email protected]) > > > > [email protected]@__ubu1310:~$ sudo su > > [sudo] password for [email protected]: > > [email protected] is not allowed to run sudo on > ubu1310. > > This incident will be reported. > > > > But after attempting the sudo command my groups do contain the IPA > > groups admins,ad_admins: > > > > [email protected]@__ubu1310:~$ id sdainard-admin > > uid=799002462(sdainard-admin@__miovision.corp) > > gid=799002462(sdainard-admin@__miovision.corp) > > groups=799002462([email protected]),__ > 799001380([email protected]),__ > 799001417([email protected]),__799000519(enterprise > > [email protected]),__799001416(hr-share-access@__ > miovision.corp),799000512(__domain > > [email protected]),__799000513(domain > > [email protected]),__799002464(it - > > [email protected]),__799002469(kloperators@__ > miovision.corp),799002468([email protected]),*__ > 1768200000(admins),1768200004(__ad_admins)* > >
Interesting, I would have thought that both sudo and id after login yield the same information. Can you send the SSSD logs? Feel free to send them privately. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
