On Mon, Jun 03, 2013 at 09:22:21PM -0400, Aly Khimji wrote:
> Hey guys,
> Just wanted to say thank you for all your support with everything and
> answering all my questions.
> Just wanted to show you something, maybe you can shed some light..
> Below is my self running the ID command on 2 different nodes (1) the IDM
> server and the other the IDM client. I get two different results of my user
> ID, the client being correct and the server not having the correct groups
> displaying with the ID, and even having one that has been deleted.
> Is there someplace this information in cached? or I can set an invalidator
> so that the information is pulled down or is forced to expire quicker so
> its checked from AD?
> -sh-4.1$ hostname
> rhidmclient.nix.corpnonprd.xxxx.com
> -sh-4.1$ id
> uid=59401108(akhi...@corpnonprd.xxxx.com) gid=59401108(
> akhi...@corpnonprd.xxxx.com)
> groups=59401108(akhi...@corpnonprd.xxxx.com),59400512(domain
> adm...@corpnonprd.xxxx.com),
> 59400513(domain us...@corpnonprd.xxxx.com),59401123(
> mirra-supapp-admin-corp-...@corpnonprd.xxxx.com),
> 162200012(mirra-supapp-admin-nix-cde)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> didmsvrua01.nix.corpnonprd.xxxx.com
> [root@didmsvrua01 ~]# id akhimji@corpnonprd
> uid=59401108(akhi...@corpnonprd.xxxx.com) gid=59401108(
> akhi...@corpnonprd.xxxx.com)
> groups=59401108(akhi...@corpnonprd.xxxx.com),59400513,59400513,59401113(
> s...@corpnonprd.xxxx.com)
> just a note this group [59401113(s...@corpnonprd.xxxx.com)] was deleted on
> AD, and correctly doesn't show up on the client, but remains in the server.

Group-memberships are cached for some time by SSSD so I would guess you
see cached data on the server. But during authentication the
group-memberships of a user are updated. Can you check if
s...@corpnonprd.xxxx.com does away if you log in with akhimji@corpnonprd
on the server?

> Please let me know if you need more info (eg logs, etc..)
> Thx
> Aly

> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Freeipa-users mailing list

Reply via email to