On Mon, Aug 28, 2017 at 04:39:46PM +0000, Eddleman, David via FreeIPA-users 
wrote:
> So I've created an ID override on the IPA master called "TestShellView" to 
> test out changing per-user requirements for shells.
> 
> Verify the ID override on the master:
> [root@ipamaster01 ~]# ipa idoverrideuser-find TestShellView
> --------------------------
> 1 User ID override matched
> --------------------------
>   Anchor to override: user@domain
>   GECOS: TEST ID VIEW
>   Login shell: /bin/ksh
> ----------------------------
> Number of entries returned 1
> ----------------------------
> 
> Good, looks as expected. I also tested the GECOS override just in case such a 
> thing was needed in the future.
> 
> [root@rhel7template ~]# getent passwd user@domain
> user@domain:*:689709720:689709720:TEST ID VIEW:/home/domain/user:/bin/ksh
> 
> Looks good. It's doing what it's supposed to be doing.
> So now we remove the GECOS and shell settings in the webUI and verify via CLI 
> that they're gone:
> 
> [root@ipamaster01 ~]# ipa idoverrideuser-find TestShellView
> --------------------------
> 1 User ID override matched
> --------------------------
>   Anchor to override: user@domain
> ----------------------------
> Number of entries returned 1
> ----------------------------
> 
> Still good so far. No overrides defined.
> 
> Clear the cache to verify that the data is fresh.
> 
> [root@rhel7template ~]# sss_cache -E
> [root@rhel7template ~]# getent passwd user@domain
> user@domain:*:689709720:689709720:TEST ID VIEW:/home/domain/user:/bin/ksh

I'm pretty sure this works as expected with the 'Default Trust View'.
I'll try to reproduce with a non-default view.

bye,
Sumit

> 
> That's not right...
> The default and fallback don't call for ksh either:
> 
> [root@rhel7template ~]# cat /etc/sssd/sssd.conf | grep shell
> allowed_shells = /bin/bash,/bin/sh,/bin/ksh
> shell_fallback = /sbin/nologin
> default_shell = /bin/bash
> 
> So let's try purging the cache files...
> [root@rhel7template ~]# cd /var/lib/sss/db/
> [root@rhel7template db]# ls
> <cache file listing>
> [root@rhel7template db]# rm -f *
> [root@rhel7template db]# ls
> [root@rhel7template db]# service sssd restart
> Redirecting to /bin/systemctl restart sssd.service
> [root@rhel7template db]# getent passwd user@domain
> user@domain:*:689709720:689709720:Username:/home/domain/user:/bin/bash
> 
> Now it's showing what it's supposed to.
> 
> This shouldn't be happening. If we have to purge sss cache files each time we 
> make an ID Override change, this won't work. Is this expected behavior, or is 
> this a bug?
> 
> David Eddleman

> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org