Jakub, many thanks and I'm really sorry for so stupid questions! yes, you're right, group3 didn't have posix GID :-)
Vitaly On Wed, Jul 31, 2013 at 3:40 PM, Jakub Hrozek <[email protected]> wrote: > On Wed, Jul 31, 2013 at 03:27:41PM +0300, Vitaly wrote: >> Jakub, many thanks! >> >> >Interesting, can you run ipa user-show --all --raw myuser and check if >> >all three groups are visible as values of the "memberof" attribute? I >> >suspect they will.. >> Yes, all 3 groups are visible >> >> >If they do, can you then put debug_level=7 to the [domain] section of >> >sssd.conf, restart sssd and attach or paste the logs from /var/log/sssd >> >> As far as I see for problematic group3 >> >> ........ >> (Wed Jul 31 12:10:39 2013) [sssd[be[example.com]]] >> [sdap_initgr_nested_search] (2): Search for group >> cn=group3,cn=groups,cn=accounts, >> ,dc=example,dc=com, returned 0 results. Skipping >> ....... >> >> So I tried on my IPA client "getent group group2/3" - there is an >> answer for group2, but not for group3. Interesting... >> In IPA server "ipa group-show group2/3 " show similar output for both >> groups, including members. >> >> >> >> > > Does the group have posix GID? > >> Jakub, if you agree, I'll send you log to your email, I prefer do not >> post it to the list. > > Sure, that's fine. > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
