Well, if it was the misconfiguration issue, the procedure below would not help, right?
So it must be a bug.
Question: After I do 'rm -rf /var/lib/sssd/db/*' and restart SSSD, will the daemon
continue refreshing Kerberos TGTs for my users?
Thanks,
Ondrej
-----Original Message-----
From: Jakub Hrozek [mailto:jhrozek@redhat.com]
Sent: Thursday, December 03, 2015 9:49 AM
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users]Re: newgrp problem
On Thu, Dec 03, 2015 at 08:42:56AM +0000, Ondrej Valousek wrote:
No. I do not.
The only help seems to be:
# service sssd stop
# rm -rf /var/lib/sssd/db/*
# service sssd start
If you can't resolve users with the default settings, then it's either a
misconfiguration or a bug that should be fixed.
Pretty annoying bug, I have to say.
Question: After I do 'rm -rf /var/lib/sssd/db/*' and restart SSSD, will the
daemon continue refreshing Kerberos TGTs for my users?
Thanks,
Ondrej
-----Original Message-----
From: Jakub Hrozek [mailto:jhrozek@redhat.com]
Sent: Wednesday, December 02, 2015 10:08 PM
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: [SSSD-users]Re: newgrp problem
> On 02 Dec 2015, at 13:42, Ondrej Valousek <ondrej.valousek(a)s3group.com>
wrote:
>
> Yes!
> You were right - thanks for the tip!
> 'getent group' does not list him as a member, but 'groups' and
'id -a' commands do.
>
> Now why?
do you use ignore_group_members=True?
> Tried 'sss_cache -u U && sss_cache -g G2' but did not help.
>
> Ondrej
>
> -----Original Message-----
> From: John Hodrien [mailto:J.H.Hodrien@leeds.ac.uk]
> Sent: Wednesday, December 02, 2015 1:35 PM
> To: End-user discussions about the System Security Services Daemon
> <sssd-users(a)lists.fedorahosted.org>
> Subject: [SSSD-users]Re: newgrp problem
>
> On Wed, 2 Dec 2015, Ondrej Valousek wrote:
>
>> Hi List,
>>
>> I have a strange problem with newgrp. Machine is running SSSD, user U is member
of groups G1,G2,G3.
>> 'id -a U' shows correctly membership G1,G2,G3 Now command 'newgrp
G1'
>> completes successfully for him, but command 'newgrp G2' prompts for
password.
>> Any other user, member of the same groups do not have a problem with 'newgrp
G2'. Just this particular user.
>>
>> Strace did not unveil anything useful. Does anyone hit the same problem?
>
> Does getent group G2 show them to be a member? AFAIK newgrp/chgrp do things
backwards.
>
> jh
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedoraho
>
sted.org
> -----
>
> The information contained in this e-mail and in any attachments is confidential and
is designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedoraho
>
sted.org
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahost
ed.org
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahost
ed.org _______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.