Hi, I'm currently having an issue where if I log in as a user on a freshly rebooted machine, their group membership is not populated, so things like sudo do not work properly. If I do a getent group <group>, log out and log back in again, then it works properly.

For example:

-sh-4.1$ groups dpoulson
dpoulson : dpoulson ops_admins helpdesk
-sh-4.1$ getent group ops_users
ops_users:*:50130:dpoulson,anotheruser,andanother,etc
-sh-4.1$ groups dpoulson
dpoulson : dpoulson ops_admins helpdesk ops_users
-sh-4.1$ groups
dpoulson ops_admins helpdesk
<logout/login>
-sh-4.1$ groups
dpoulson helpdesk ops_admins ops_users

(the user is actually meant to be a member of 6 groups)

Client and server machines are all fresh installs of CentOS 6.6, running:

ipa-server-3.0.0-42.el6.centos.x86_64
ipa-client-3.0.0-42.el6.centos.x86_64

All config files I've checked are identical (/etc/nsswitch.conf, /etc/sssd/sssd.conf, /etc/sudo-ldap.conf) - any more I should check? Though that being said, they were all kickstarted from the same image with the same chef recipes.

/etc/sssd/sssd.conf:

[domain/bur.us.genops]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = bur.us.genops
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = pwm1-01.bur.us.genops
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, freeipa1-01.bur.us.genops
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 8

[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
domains = bur.us.genops

[nss]
homedir_substring = /home

[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]

/etc/nsswitch.conf:

passwd: files sss
shadow: files sss
group: files sss
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files sss
aliases: files nisplus
sudoers: files sss

Any ideas where to start looking?

Thanks,
Darren.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
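
Added example (not part of the original post): a shell check for the symptom described above, comparing the groups attached to the current login session (`id -Gn`) with a fresh NSS lookup for the same user (`id -Gn USER`), which is the same difference the transcript shows between `groups` and `groups dpoulson`. The function names are hypothetical, the sample lists are constructed from the transcript in the post, and group names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: flag a login session whose process credentials are missing
# groups that NSS (files + sss) now resolves for the same user. Group-based
# sudo rules and file ACLs evaluate the session's groups, so a stale session
# fails them even though "getent" and "groups USER" look correct.

# missing_groups SESSION_LIST NSS_LIST
# Prints (sorted, space-separated) each group in NSS_LIST absent from SESSION_LIST.
# Assumption: group names contain no whitespace.
missing_groups() {
    session_list=$1
    nss_list=$2
    out=""
    for g in $(printf '%s\n' $nss_list | sort -u); do
        case " $session_list " in
            *" $g "*) ;;                      # already on the session
            *) out="${out:+$out }$g" ;;       # resolved by NSS, not on the session
        esac
    done
    printf '%s' "$out"
}

# check_session_groups: run the comparison for the invoking user.
# Returns 1 when the session is stale (a new login is needed to pick up groups).
check_session_groups() {
    user=$(id -un)
    session=$(id -Gn)             # groups set on this process at login
    resolved=$(id -Gn "$user")    # fresh lookup through nsswitch.conf
    missing=$(missing_groups "$session" "$resolved")
    if [ -n "$missing" ]; then
        echo "session for $user lacks: $missing"
        return 1
    fi
    echo "session groups for $user match NSS"
}

if [ "${1:-}" = "--live" ]; then
    check_session_groups
else
    # Constructed sample: the two lists from the transcript after the getent call.
    echo "sample, missing from session: $(missing_groups \
        "dpoulson ops_admins helpdesk" \
        "dpoulson ops_admins helpdesk ops_users")"
fi
```

A match only shows that the session agrees with what NSS returns at that moment; in the transcript the NSS answer itself was incomplete until the `getent group` call, so the check is most useful run once at login and again after the lookup.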
