Hi,
I recently have been aware of the option "hybrid" for auto_private_groups, and it would really help us to solve a problem where our AD server has a gidNumber set up for users, but no primary group name assigned.
When set to `true`, it works fine, though we don't want to set it to true because the uid might have been used as a gid for another user. Therefore hybrid is a better solution for us.
Can you help me to debug this? I see on the log, and get no errors. But when logging in, my user gets this:
/usr/bin/id: cannot find name for group ID 2558757.
Best, Francis
On 2022-09-16 08:30, Francis Augusto Medeiros-Logeay wrote:
Hi,
I recently have been aware of the option "hybrid" for auto_private_groups, and it would really help us to solve a problem where our AD server has a gidNumber set up for users, but no primary group name assigned.
When set to `true`, it works fine, though we don't want to set it to true because the uid might have been used as a gid for another user. Therefore hybrid is a better solution for us.
Can you help me to debug this? I see on the log, and get no errors. But when logging in, my user gets this:
/usr/bin/id: cannot find name for group ID 2558757.
Best, Francis
I am sorry, I forgot to mention that I am trying this on a RHEL 8.7.
Best,
Francis
Hi,
On Fri, Sep 16, 2022 at 8:35 AM Francis Augusto Medeiros-Logeay < r_f@med-lo.eu> wrote:
On 2022-09-16 08:30, Francis Augusto Medeiros-Logeay wrote:
Hi,
I recently have been aware of the option "hybrid" for auto_private_groups, and it would really help us to solve a problem where our AD server has a gidNumber set up for users, but no primary group name assigned.
When set to `true`, it works fine, though we don't want to set it to true because the uid might have been used as a gid for another user. Therefore hybrid is a better solution for us.
From the man page, the private group is generated only if the UID and GID of the user entry are identical: ----- 8< ----- hybrid A primary group is autogenerated *for user entries whose UID and GID numbers have the same value* and at the same time the GID number does not correspond to a real group object in LDAP. If the values are the same, but the primary GID in the user entry is also used by a group object, the primary GID of the user resolves to that group object.
If the UID and GID of a user are different, then the GID must correspond to a group entry, otherwise the GID is simply not resolvable.
This feature is useful for environments that wish to stop maintaining a separate group objects for the user private groups, but also wish to retain the existing user private groups. ----- >8 -----
Is this your case?
flo
Can you help me to debug this? I see on the log, and get no errors. But
when logging in, my user gets this:
/usr/bin/id: cannot find name for group ID 2558757.
Best, Francis
I am sorry, I forgot to mention that I am trying this on a RHEL 8.7.
Best,
Francis _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On 21 Sep 2022, at 11:45, Florence Blanc-Renaud <frenaud@redhat.com mailto:frenaud@redhat.com> wrote:
Hi,
On Fri, Sep 16, 2022 at 8:35 AM Francis Augusto Medeiros-Logeay <r_f@med-lo.eu mailto:r_f@med-lo.eu> wrote:
On 2022-09-16 08:30, Francis Augusto Medeiros-Logeay wrote:
Hi,
I recently have been aware of the option "hybrid" for auto_private_groups, and it would really help us to solve a problem where our AD server has a gidNumber set up for users, but no primary group name assigned.
When set to `true`, it works fine, though we don't want to set it to true because the uid might have been used as a gid for another user. Therefore hybrid is a better solution for us.
From the man page, the private group is generated only if the UID and GID of the user entry are identical: ----- 8< ----- hybrid A primary group is autogenerated for user entries whose UID and GID numbers have the same value and at the same time the GID number does not correspond to a real group object in LDAP. If the values are the same, but the primary GID in the user entry is also used by a group object, the primary GID of the user resolves to that group object.
If the UID and GID of a user are different, then the GID must correspond to a group entry, otherwise the GID is simply not resolvable. This feature is useful for environments that wish to stop maintaining a separate group objects for the user private groups, but also wish to retain the existing user private groups.----- >8 -----
Is this your case?
flo
Thanks Florence. Indeed, they are not. Is there a way we can submit a feature request about this? We do have gidNumber set on our AD, though it is different than the UID, so it would be nice to have the group name created.
Best,
Francis
sssd-users@lists.fedorahosted.org
-
Florence Blanc-Renaud -
Francis Augusto Medeiros-Logeay