On Mon, Aug 13, 2012 at 01:13:17PM -0400, Ian Levesque wrote:
On Aug 13, 2012, at 12:55 PM, Stephen Gallagher wrote:
> On Mon, 2012-08-13 at 12:47 -0400, Ian Levesque wrote:
>> Hi,
>>
>> I'm having trouble getting a cluster of Fedora 16 installs
>> (sssd-client-1.8.4-13.fc16.x86_64) to see secondary groups from my Open
>> Directory server (rfc2307). I have a RHEL6 box
>> (sssd-client-1.8.0-32.el6.x86_64) with an identical sssd.conf that does
>> work. Is this a known issue or is there something wonky with my Fedora
>> setup?
>
> Take a look at
https://bugzilla.redhat.com/show_bug.cgi?id=835612
>
> The glibc folks added a non-backwards-compatible change in a stable
> update...
>
> You want to add
> initgroups: files [SUCCESS=continue] sss
>
> to /etc/nsswitch.conf and all should work again.
Yikes... thanks for the heads-up, Stephen. It appears that commenting out the initgroups
declaration from nsswitch does the trick, as well. Do you know of any reason to include it
at all? I can't find documentation for "initgroups" anywhere.
Cheers,
Ian
It's an interface towards initgroups(3) or getgrouplist(3).
I'm not sure if the glibc folks did ever give a meaningful explanation
on the change. I can't even think of a good reason why initgroups should
differ from groups.
Either adding sss to the initgroups list or commenting out the
initgroups line completely is fine. Authconfig comments the line out,
for what it's worth.