11:11 a.m.
Hi,
This is SSSD-VERSION 1.9.4 , Ubuntu Quantal 12.10
If homedir doesn't exist, user cannot login - homedir is not created locally on fly.
Is it expected behavior?
[nss]
...
fallback_homedir = /home/%u
override_homedir = /home/%u
...
Do I suppose to make change in pam to get it work?
------------------
Another problem - with group IDs:
After login to the terminal, I get the long list of warnings for all groups 1172xxxxx -
it really delays login,
as the list is long. Do I miss some config options ?
su - testuser
...
groups: cannot find name for group ID XXXXXXX
...
id -G testuser
332400513 332411734 332411220 332411221 332405659 332410635 332403786 332403699 332407177
332408204 332408312 332406100 332408307 332413664 332402685 332402830 332411184
id -G -n testuser
domain users data-nat-nat-it-groupdrive rw nat-fnc-pri-setdiscription
nat-pri-setcomputerdesc imada-terminal-users nat-it-outlook-admin nat-terminal-users
terminal brugere dl-nat-it-staff nat-it-ansatte nat-it-ad-hoc nat-esignatur dl-nat-it
nat-ctxusers common_users nat-lectures nat-booking
id testuser
uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain
users),1172612322,1172651920,1172657894,1172606592,1172607216,
332411734(data-nat-nat-it-groupdrive
rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(i-terminal-users),
332410635(nat-it-outlook-a),332403786(nat-terminal-users),332403699(terminal
brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),
332408312(nat-it-ad-hoc),332406100(nat-esignatur),1172648735,332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking),
332408307(dl-nat-it),1172668083,1172671850,1172626924,1172670697,1172632585,1172647528,1172673996,
1172630281,1172650784,1172649006,1172646018,1172626637,1172668082,1172647518,1172647527,1172647519,
1172671034,1172652129,1172650787,1172608193,1172646019,1172649007,1172645844,1172630472,1172648739,1172645167,
1172649004,1172649400,1172671853,1172650786,1172645166,1172645845,988802256,1172649005,1172659655,1172647852,1172633504,
1172667765,1172666809,1172645842,1172649046,1172667764,1172647523,1172626846,1172633505,1172645161,1172658369,1172645843,
1172616454,1172659249,1172645163,1172644173,1172670698,988803287,1172645162,1172645841,1172659248,1172666810,1172659262,1172626838,
........(a lot of groups)...
1172648736,1172679679,1172622933,1172679716,1172645975,1172671030,1172620701,1172681776,1172650191
Best
Longina
12:36 p.m.
On Wed, Feb 27, 2013 at 10:11:03AM +0000, Longina Przybyszewska wrote:
Hi,
This is SSSD-VERSION 1.9.4 , Ubuntu Quantal 12.10
If homedir doesn't exist, user cannot login - homedir is not created locally on fly.
Is it expected behavior?
[nss]
...
fallback_homedir = /home/%u
override_homedir = /home/%u
...
Do I suppose to make change in pam to get it work?
Yes, you should put pam_mkhomedir or pam_oddjob into the session stack.
------------------
Another problem - with group IDs:
After login to the terminal, I get the long list of warnings for all groups 1172xxxxx -
it really delays login,
as the list is long. Do I miss some config options ?
su - testuser
...
groups: cannot find name for group ID XXXXXXX
...
That's quite suspicious. How deep is your nesting structure? Are the
groups that you only see numbers for two or more levels deep? The only
known bug that could be related is
https://fedorahosted.org/sssd/ticket/1755
can you try setting ldap_group_nesting_level to a higher number to check
if the issue is resolved?
id -G testuser
332400513 332411734 332411220 332411221 332405659 332410635 332403786 332403699 332407177
332408204 332408312 332406100 332408307 332413664 332402685 332402830 332411184
id -G -n testuser
domain users data-nat-nat-it-groupdrive rw nat-fnc-pri-setdiscription
nat-pri-setcomputerdesc imada-terminal-users nat-it-outlook-admin nat-terminal-users
terminal brugere dl-nat-it-staff nat-it-ansatte nat-it-ad-hoc nat-esignatur dl-nat-it
nat-ctxusers common_users nat-lectures nat-booking
id testuser
uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain
users),1172612322,1172651920,1172657894,1172606592,1172607216,
332411734(data-nat-nat-it-groupdrive
rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(i-terminal-users),
332410635(nat-it-outlook-a),332403786(nat-terminal-users),332403699(terminal
brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),
332408312(nat-it-ad-hoc),332406100(nat-esignatur),1172648735,332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking),
332408307(dl-nat-it),1172668083,1172671850,1172626924,1172670697,1172632585,1172647528,1172673996,
1172630281,1172650784,1172649006,1172646018,1172626637,1172668082,1172647518,1172647527,1172647519,
1172671034,1172652129,1172650787,1172608193,1172646019,1172649007,1172645844,1172630472,1172648739,1172645167,
1172649004,1172649400,1172671853,1172650786,1172645166,1172645845,988802256,1172649005,1172659655,1172647852,1172633504,
1172667765,1172666809,1172645842,1172649046,1172667764,1172647523,1172626846,1172633505,1172645161,1172658369,1172645843,
1172616454,1172659249,1172645163,1172644173,1172670698,988803287,1172645162,1172645841,1172659248,1172666810,1172659262,1172626838,
........(a lot of groups)...
1172648736,1172679679,1172622933,1172679716,1172645975,1172671030,1172620701,1172681776,1172650191
Best
Longina
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
2:36 p.m.
On Wed, Feb 27, 2013 at 10:11:03AM +0000, Longina Przybyszewska wrote:
------------------
Another problem - with group IDs:
After login to the terminal, I get the long list of warnings for all
groups 1172xxxxx - it really delays login, as the list is long. Do I miss some config
options ?
su - testuser
...
groups: cannot find name for group ID XXXXXXX ...
>That's quite suspicious. How deep is your nesting structure?
Are the groups that you only see numbers for two or more levels deep? The only known bug
that could be related is
>https://fedorahosted.org/sssd/ticket/1755
>can you try setting ldap_group_nesting_level to a higher number to
check if the issue is resolved?
How can I find out about the nesting structure in AD?
I tried with nesting_level 3|4|5
It doesn't help for login issue - the same long list for all nesting levels of from
command
su - testuser
The number of groups listed in 'id ' command changes with
'nesting_level':
(Nesting level =5)
alongina@victoria:~$ id -G testuser
332400513
alongina@victoria:~$ id -G -n testuser
domain users
alongina@victoria:~$ id testuser
uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain users)
(nesting level=4)
alongina@victoria:~$ id -G testuser
332400513 332411734 332411220 332411221 332405659 332410635 332403786 332403699 332407177
332408204 332408312 332406100 332408307 332413664 332402685 332402830 332411184
alongina@victoria:~$ id -G -n testuser
domain users data-nat-nat-it-groupdrive rw nat-fnc-pri-setdiscription
nat-pri-setcomputerdesc imada-terminal-users nat-it-outlook-admin nat-terminal-users
terminal brugere dl-nat-it-staff nat-it-ansatte nat-it-ad-hoc nat-esignatur dl-nat-it
nat-ctxusers common_users nat-lectures nat-booking
alongina@victoria:~$ id testuser
uid=332405654(longina) gid=332400513(domain users) groups=332400513(domain
users),332411734(data-nat-nat-it-groupdrive
rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(imada-terminal-users),332410635(nat-it-outlook-admin),332403786(nat-terminal-users),332403699(terminal
brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),332408312(nat-it-ad-hoc),332406100(nat-esignatur),332408307(dl-nat-it),332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking)
It depends somehow on cache.
Just after emptying cache I get the very long listing.
root@victoria:/var/lib/sss/db# service sssd stop
sssd stop/waiting
root@victoria:/var/lib/sss/db# \rm -rf *
root@victoria:/var/lib/sss/db# service sssd start
sssd start/running, process 3635
root@victoria:/var/lib/sss/db# id testuser
uid=332405654(testuser) gid=332400513(domain users) groups=332400513(doma
in users),332402685(common_users),1172668083,1172671850,1172626924,11726
70697,1172632585,1172657894,1172647528,1172673996,1172630281,1172650784,
1172649006,1172646018,1172626637,1172668082,1172647518,332406100(nat-esi
gnatur),332403786(nat-terminal-users),1172647527,332405659(imada-termina
l-users),1172647519,1172671034,1172652129,1172650787,1172608193,11726460
19,1172649007,1172645844,1172630472,1172648739,1172645167,332402830(nat-
lectures),1172649004,1172649400,1172671853,1172650786,332408307(dl-nat-i
t),1172645166,1172645845,988802256,1172651920,1172649005,1172659655,1172
606592,1172647852,1172633504,1172667765,1172666809,1172645842,1172649046
,1172667764,1172647523,1172626846,1172633505,1172645161,1172658369,11726
45843,1172616454,1172607216,332411221(nat-pri-setcomputerdesc),117265924
9,332410635(nat-it-outlook-admin),1172645163,1172644173,1172670698,98880
3287,1172645162,1172645841,1172659248,1172666810,1172659262,1172626838,1
172647520,988807606,1172626843,332411220(nat-fnc-pri-setdiscription),117
2612780,1172649045,1172645152,1172645147,1172626938,1172658370,117265836
5,1172630586,1172649398,1172627322,332413664(nat
-ctxusers),1172607213,1172626943,1172649060,1172681172,332408204(nat-it-ansatte),1172632583,1172658364,1172626827,332407177(dl-nat-it-staff),1172658371,1172653861,1172645344,332403699(terminal
brugere),1172649061,1172645146,1172632578,1172671847,1172626940,1172626841,1172648741,1172649062,1172632579,1172658363,1172627278,1172645150,1172653860,332411184(nat-booking),332408312(nat-it-ad-hoc),1172632582,1172645145,1172671028,1172645144,1172627767,1172626935,1172632581,1172672165,1172645151,1172671032,332411734(data-nat-nat-it-groupdrive
rw),1172657810,1172612322,1172650789,1172648253,1172657811,1172681132,1172648254,1172649064,1172627766,1172645974,1172672164,1172671286,1172632580,1172648736,1172679679,1172622933,1172679716,1172645975,1172671030,1172620701,1172681776,1172650191,1172648735
The same command issued immediately again produces different output:
id testuser
uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain
users),1172649061,1172649062,1172649064,1172650191,1172650789,1172651920,1172653860,1172653861,1172657810,1172657811,1172657894,1172658363,1172658371,1172668083,1172670697,1172671028,1172671030,1172671032,1172671286,1172671847,1172671850,1172672164,1172672165,1172679679,1172679716,1172681132,1172681776,332411734(data-nat-nat-it-groupdrive
rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(imada-terminal-users),332410635(nat-it-outlook-admin),332403786(nat-terminal-users),332403699(terminal
brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),332408312(nat-it-ad-hoc),332406100(nat-esignatur),332408307(dl-nat-it),332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking)
Longina
11:33 a.m.
On Wed, Feb 27, 2013 at 01:36:58PM +0000, Longina Przybyszewska wrote:
On Wed, Feb 27, 2013 at 10:11:03AM +0000, Longina Przybyszewska wrote:
> ------------------
> Another problem - with group IDs:
>
> After login to the terminal, I get the long list of warnings for all
> groups 1172xxxxx - it really delays login, as the list is long. Do I miss some
config options ?
>
> su - testuser
> ...
> groups: cannot find name for group ID XXXXXXX ...
>
>>That's quite suspicious. How deep is your nesting structure? Are the groups
that you only see numbers for two or more levels deep? The only known bug that could be
related is
>>https://fedorahosted.org/sssd/ticket/1755
>>can you try setting ldap_group_nesting_level to a higher number to check if the
issue is resolved?
How can I find out about the nesting structure in AD?
I tried with nesting_level 3|4|5
It doesn't help for login issue - the same long list for all nesting levels of from
command
su - testuser
The number of groups listed in 'id ' command changes with
'nesting_level':
(Nesting level =5)
alongina@victoria:~$ id -G testuser
332400513
alongina@victoria:~$ id -G -n testuser
domain users
alongina@victoria:~$ id testuser
uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain users)
(nesting level=4)
alongina@victoria:~$ id -G testuser
332400513 332411734 332411220 332411221 332405659 332410635 332403786 332403699 332407177
332408204 332408312 332406100 332408307 332413664 332402685 332402830 332411184
alongina@victoria:~$ id -G -n testuser
domain users data-nat-nat-it-groupdrive rw nat-fnc-pri-setdiscription
nat-pri-setcomputerdesc imada-terminal-users nat-it-outlook-admin nat-terminal-users
terminal brugere dl-nat-it-staff nat-it-ansatte nat-it-ad-hoc nat-esignatur dl-nat-it
nat-ctxusers common_users nat-lectures nat-booking
alongina@victoria:~$ id testuser
uid=332405654(longina) gid=332400513(domain users) groups=332400513(domain
users),332411734(data-nat-nat-it-groupdrive
rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(imada-terminal-users),332410635(nat-it-outlook-admin),332403786(nat-terminal-users),332403699(terminal
brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),332408312(nat-it-ad-hoc),332406100(nat-esignatur),332408307(dl-nat-it),332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking)
It depends somehow on cache.
Just after emptying cache I get the very long listing.
root@victoria:/var/lib/sss/db# service sssd stop
sssd stop/waiting
root@victoria:/var/lib/sss/db# \rm -rf *
root@victoria:/var/lib/sss/db# service sssd start
sssd start/running, process 3635
root@victoria:/var/lib/sss/db# id testuser
uid=332405654(testuser) gid=332400513(domain users) groups=332400513(doma
in users),332402685(common_users),1172668083,1172671850,1172626924,11726
70697,1172632585,1172657894,1172647528,1172673996,1172630281,1172650784,
1172649006,1172646018,1172626637,1172668082,1172647518,332406100(nat-esi
gnatur),332403786(nat-terminal-users),1172647527,332405659(imada-termina
l-users),1172647519,1172671034,1172652129,1172650787,1172608193,11726460
19,1172649007,1172645844,1172630472,1172648739,1172645167,332402830(nat-
lectures),1172649004,1172649400,1172671853,1172650786,332408307(dl-nat-i
t),1172645166,1172645845,988802256,1172651920,1172649005,1172659655,1172
606592,1172647852,1172633504,1172667765,1172666809,1172645842,1172649046
,1172667764,1172647523,1172626846,1172633505,1172645161,1172658369,11726
45843,1172616454,1172607216,332411221(nat-pri-setcomputerdesc),117265924
9,332410635(nat-it-outlook-admin),1172645163,1172644173,1172670698,98880
3287,1172645162,1172645841,1172659248,1172666810,1172659262,1172626838,1
172647520,988807606,1172626843,332411220(nat-fnc-pri-setdiscription),117
2612780,1172649045,1172645152,1172645147,1172626938,1172658370,117265836
5,1172630586,1172649398,1172627322,332413664(nat
-ctxusers),1172607213,1172626943,1172649060,1172681172,332408204(nat-it-ansatte),1172632583,1172658364,1172626827,332407177(dl-nat-it-staff),1172658371,1172653861,1172645344,332403699(terminal
brugere),1172649061,1172645146,1172632578,1172671847,1172626940,1172626841,1172648741,1172649062,1172632579,1172658363,1172627278,1172645150,1172653860,332411184(nat-booking),332408312(nat-it-ad-hoc),1172632582,1172645145,1172671028,1172645144,1172627767,1172626935,1172632581,1172672165,1172645151,1172671032,332411734(data-nat-nat-it-groupdrive
rw),1172657810,1172612322,1172650789,1172648253,1172657811,1172681132,1172648254,1172649064,1172627766,1172645974,1172672164,1172671286,1172632580,1172648736,1172679679,1172622933,1172679716,1172645975,1172671030,1172620701,1172681776,1172650191,1172648735
The same command issued immediately again produces different output:
id testuser
uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain
users),1172649061,1172649062,1172649064,1172650191,1172650789,1172651920,1172653860,1172653861,1172657810,1172657811,1172657894,1172658363,1172658371,1172668083,1172670697,1172671028,1172671030,1172671032,1172671286,1172671847,1172671850,1172672164,1172672165,1172679679,1172679716,1172681132,1172681776,332411734(data-nat-nat-it-groupdrive
rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(imada-terminal-users),332410635(nat-it-outlook-admin),332403786(nat-terminal-users),332403699(terminal
brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),332408312(nat-it-ad-hoc),332406100(nat-esignatur),332408307(dl-nat-it),332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking)
Longina
OK, this sounds like some kind of a bug.
Can you try removing all caches,
including the memory cache (rm -f /var/lib/sss/db/cache_*.ldb
/var/lib/sss/mc/*), raise debugging in the [domain] section and attach
/var/log/sssd/sssd_$domain.log ? That should help identify why we are
not resolving all the gids.
2796
days inactive
2797
days old
sssd-users@lists.fedorahosted.org
3 comments
2 participants
participants (2)
-
Jakub Hrozek -
Longina Przybyszewska