On Thu, Dec 03, 2015 at 08:55:07AM +0000, Ondrej Valousek wrote:
Well, if it was the misconfiguration issue, the procedure below would
not help, right?
Depends on the configuration, ie the member attribute might be
misconfiured, the schema could be incorrect etc..
So it must be a bug.
If you think it's a bug, please file one in SSSD trac..
Question: After I do 'rm -rf /var/lib/sssd/db/*' and restart
SSSD, will the daemon continue refreshing Kerberos TGTs for my users?
No, the Kerberos principals to renew are read from the DB on startup.
>
> Thanks,
> Ondrej
>
> -----Original Message-----
> From: Jakub Hrozek [mailto:jhrozek@redhat.com]
> Sent: Thursday, December 03, 2015 9:49 AM
> To: sssd-users(a)lists.fedorahosted.org
> Subject: [SSSD-users]Re: newgrp problem
>
> On Thu, Dec 03, 2015 at 08:42:56AM +0000, Ondrej Valousek wrote:
> > No. I do not.
> > The only help seems to be:
> > # service sssd stop
> > # rm -rf /var/lib/sssd/db/*
> > # service sssd start
>
> If you can't resolve users with the default settings, then it's either a
misconfiguration or a bug that should be fixed.
>
> >
> > Pretty annoying bug, I have to say.
>
Question: After I do 'rm -rf /var/lib/sssd/db/*' and restart
SSSD, will the daemon continue refreshing Kerberos TGTs for my users?
> >
> > Thanks,
> > Ondrej
> >
> >
> > -----Original Message-----
> > From: Jakub Hrozek [mailto:jhrozek@redhat.com]
> > Sent: Wednesday, December 02, 2015 10:08 PM
> > To: End-user discussions about the System Security Services Daemon
> > <sssd-users(a)lists.fedorahosted.org>
> > Subject: [SSSD-users]Re: newgrp problem
> >
> >
> > > On 02 Dec 2015, at 13:42, Ondrej Valousek
<ondrej.valousek(a)s3group.com> wrote:
> > >
> > > Yes!
> > > You were right - thanks for the tip!
> > > 'getent group' does not list him as a member, but 'groups'
and 'id -a' commands do.
> > >
> > > Now why?
> >
> > do you use ignore_group_members=True?
> >
> > > Tried 'sss_cache -u U && sss_cache -g G2' but did not
help.
> > >
> > > Ondrej
> > >
> > > -----Original Message-----
> > > From: John Hodrien [mailto:J.H.Hodrien@leeds.ac.uk]
> > > Sent: Wednesday, December 02, 2015 1:35 PM
> > > To: End-user discussions about the System Security Services Daemon
> > > <sssd-users(a)lists.fedorahosted.org>
> > > Subject: [SSSD-users]Re: newgrp problem
> > >
> > > On Wed, 2 Dec 2015, Ondrej Valousek wrote:
> > >
> > >> Hi List,
> > >>
> > >> I have a strange problem with newgrp. Machine is running SSSD, user U
is member of groups G1,G2,G3.
> > >> 'id -a U' shows correctly membership G1,G2,G3 Now command
'newgrp G1'
> > >> completes successfully for him, but command 'newgrp G2' prompts
for password.
> > >> Any other user, member of the same groups do not have a problem with
'newgrp G2'. Just this particular user.
> > >>
> > >> Strace did not unveil anything useful. Does anyone hit the same
problem?
> > >
> > > Does getent group G2 show them to be a member? AFAIK newgrp/chgrp do
things backwards.
> > >
> > > jh
> > > _______________________________________________
> > > sssd-users mailing list
> > > sssd-users(a)lists.fedorahosted.org
> > >
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedoraho
> > >
sted.org
> > > -----
> > >
> > > The information contained in this e-mail and in any attachments is
confidential and is designated solely for the attention of the intended recipient(s). If
you are not an intended recipient, you must not use, disclose, copy, distribute or retain
this e-mail or any part thereof. If you have received this e-mail in error, please notify
the sender by return e-mail and delete all copies of this e-mail from your computer
system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You.
Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073.
Registered Office: South County Business Park, Leopardstown, Dublin 18.
> > > _______________________________________________
> > > sssd-users mailing list
> > > sssd-users(a)lists.fedorahosted.org
> > >
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedoraho
> > >
sted.org
> > _______________________________________________
> > sssd-users mailing list
> > sssd-users(a)lists.fedorahosted.org
> >
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahost
> >
ed.org
> > -----
> >
> > The information contained in this e-mail and in any attachments is confidential
and is designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.
> > _______________________________________________
> > sssd-users mailing list
> > sssd-users(a)lists.fedorahosted.org
> >
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahost
> >
ed.org
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
> -----
>
> The information contained in this e-mail and in any attachments is confidential and
is designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org