Hi all,
I am very confused on why I am not able to enumerate the group members on a centos 8 machine with the above command, but I can on a centos 7 machine.
[root@centos8-1 log]# getent group -s sss video video:x:39:
[root@centos7-n11 log]# getent group -s sss video video:*:39:<lots of users>
Both are configured with the same sssd.conf file, and both have "enumerate = True" in the domain section.
In addition, if I just do "getent group" without the "-s sss" the group and all of its members show up properly on both machines.
Super confused here. Thanks in advance for the help!
Am Thu, Jan 27, 2022 at 04:06:19PM -0600 schrieb Russell Jones via FreeIPA-users:
Hi all,
I am very confused on why I am not able to enumerate the group members on a centos 8 machine with the above command, but I can on a centos 7 machine.
[root@centos8-1 log]# getent group -s sss video video:x:39:
[root@centos7-n11 log]# getent group -s sss video video:*:39:<lots of users>
Both are configured with the same sssd.conf file, and both have "enumerate = True" in the domain section.
In addition, if I just do "getent group" without the "-s sss" the group and all of its members show up properly on both machines.
Super confused here. Thanks in advance for the help!
Hi,
can you try if setting
enable_files_domain = false
in the [sssd] section in sssd.conf on centos 8 helps?
bye, Sumit
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Thanks! I did end up finding that configuration. Setting it to false did fix the issue.
To be honest, I don't really understand the point of that configuration option.
On Mon, Feb 7, 2022 at 3:13 AM Sumit Bose via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Am Thu, Jan 27, 2022 at 04:06:19PM -0600 schrieb Russell Jones via FreeIPA-users:
Hi all,
I am very confused on why I am not able to enumerate the group members
on a
centos 8 machine with the above command, but I can on a centos 7 machine.
[root@centos8-1 log]# getent group -s sss video video:x:39:
[root@centos7-n11 log]# getent group -s sss video video:*:39:<lots of users>
Both are configured with the same sssd.conf file, and both have
"enumerate
= True" in the domain section.
In addition, if I just do "getent group" without the "-s sss" the group
and
all of its members show up properly on both machines.
Super confused here. Thanks in advance for the help!
Hi,
can you try if setting
enable_files_domain = falsein the [sssd] section in sssd.conf on centos 8 helps?
bye, Sumit
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Am Mon, Feb 07, 2022 at 09:38:04AM -0600 schrieb Russell Jones:
Thanks! I did end up finding that configuration. Setting it to false did fix the issue.
To be honest, I don't really understand the point of that configuration option.
Hi,
in RHEL-8 SSSD will handle user and groups from /etc/passwd and /etc/group by default as well. Unfortunately there is an issue is groups and members are coming from different domains as in your case (local group, remote users). As a result SSSD can still resolve the local group but not add the corresponding remote members.
'enable_files_domain = false' will switch off the handling of the local files in SSSD and let glibc and the nss modules collect the group members.
HTH
bye, Sumit
On Mon, Feb 7, 2022 at 3:13 AM Sumit Bose via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Am Thu, Jan 27, 2022 at 04:06:19PM -0600 schrieb Russell Jones via FreeIPA-users:
Hi all,
I am very confused on why I am not able to enumerate the group members
on a
centos 8 machine with the above command, but I can on a centos 7 machine.
[root@centos8-1 log]# getent group -s sss video video:x:39:
[root@centos7-n11 log]# getent group -s sss video video:*:39:<lots of users>
Both are configured with the same sssd.conf file, and both have
"enumerate
= True" in the domain section.
In addition, if I just do "getent group" without the "-s sss" the group
and
all of its members show up properly on both machines.
Super confused here. Thanks in advance for the help!
Hi,
can you try if setting
enable_files_domain = falsein the [sssd] section in sssd.conf on centos 8 helps?
bye, Sumit
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
freeipa-users@lists.fedorahosted.org
-
Russell Jones -
Sumit Bose