Luiz, Would you please run the below command from an OS X workstation's terminal to test look-up/caching of groups? If it displays a gid then we know the issue isn't LDAP mapping.
dscacheutil -q group -a name *yourGroupName* On Tue, Jul 25, 2017 at 11:30 AM, Luiz Garrido ALKEMY X via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Our setup is really close to this how-to: > > http://www.freeipa.org/page/HowTo/Setup_FreeIPA_Services_ > for_Mac_OS_X_10.12 > > Just a little different because this didn't exist when we did the > configuration. But even if you follow that, users on Mac are not getting > IPA groups and without correct groups, ALCs are not working for those > workstations. > > > > Luiz > > > > > On 07/25/2017 10:36 AM, Grant Janssen wrote: > > Luiz > > Oh yes, I had this problem. But getting functionality on OS-X was not a > simple matter. > Do you have documentation on how you got there? > > - grant > > > > > On Jul 24, 2017, at 14:16, Luiz Garrido ALKEMY X via FreeIPA-users > <freeipa-users@lists.fedorahosted.org> <freeipa-users@lists.fedorahosted.org> > wrote: > > Hi, > > We have an environment with mixed OSX and CentOS computers and IPA is > working great for almost everything. > > The only problem that we have (besides the known ones) is that the IPA > user logged to an OSX computer is not getting group information. Logged > to a CentOS, the `id` command shows all the groups assigned to the user > but running the same command on an OSX under the same user, the groups > are different, mainly Apple groups and not our IPA groups. Does anyone > had this problem? > > So, because of this, ACL permissions on our NFS server is not working > for OSX machines, but are working great for CentOS ones. > > Thanks! > > Luiz Garrido > > This e-mail and any attachments are intended only for use by the addressee(s) > named herein and may contain confidential information. If you are not the > intended recipient of this e-mail, you are hereby notified any dissemination, > distribution or copying of this email and any attachments is strictly > prohibited. If you receive this email in error, please immediately notify the > sender by return email and permanently delete the original, any copy and any > printout thereof. The integrity and security of e-mail cannot be guaranteed. > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > > -- *Jason Sherrill* *IT Specialist* Deeplocal Inc. <http://deeplocal.com/> mobile: 412-636-2073 <(412)%20636-2073> office: 412-362-0201 <(412)%20362-0201>
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org