On Mon, Mar 03, 2014 at 02:01:52PM -0500, Steve Dainard wrote:
> Hi Jakub, id info from earlier response:
>
> > Very interesting, my IPA group membership in ad_admins isn't shown by
> > that command on first run (new login)
> >
> > sdainard-ad...@miovision.corp@__ubu1310:~$ id sdainard-admin
> > uid=799002462(sdainard-admin@__miovision.corp)
> > gid=799002462(sdainard-admin@__miovision.corp)
> > groups=799002462(sdainard-__ad...@miovision.corp),__
> > 799001380(accounting-share-__acc...@miovision.corp),__
> > 799001417(protected-share-__acc...@miovision.corp),__799000519(enterprise
> > adm...@miovision.corp),__799001416(hr-share-access@__
> > miovision.corp),799000512(__domain
> > adm...@miovision.corp),__799000513(domain
> > us...@miovision.corp),__799002464(it -
> > adm...@miovision.corp),__799002469(kloperators@__
> > miovision.corp),799002468(__kladm...@miovision.corp)
> >
> > sdainard-ad...@miovision.corp@__ubu1310:~$ sudo su
> > [sudo] password for sdainard-ad...@miovision.corp:
> > sdainard-ad...@miovision.corp is not allowed to run sudo on ubu1310.
> > This incident will be reported.
> >
> > But after attempting the sudo command my groups do contain the IPA
> > groups admins,ad_admins:
> >
> > sdainard-ad...@miovision.corp@__ubu1310:~$ id sdainard-admin
> > uid=799002462(sdainard-admin@__miovision.corp)
> > gid=799002462(sdainard-admin@__miovision.corp)
> > groups=799002462(sdainard-__ad...@miovision.corp),__
> > 799001380(accounting-share-__acc...@miovision.corp),__
> > 799001417(protected-share-__acc...@miovision.corp),__799000519(enterprise
> > adm...@miovision.corp),__799001416(hr-share-access@__
> > miovision.corp),799000512(__domain
> > adm...@miovision.corp),__799000513(domain
> > us...@miovision.corp),__799002464(it -
> > adm...@miovision.corp),__799002469(kloperators@__
> > miovision.corp),799002468(__kladm...@miovision.corp),*__
> > 1768200000(admins),1768200004(__ad_admins)*
> >

Interesting, I would have thought that both sudo and id after login yield the same information. Can you send the SSSD logs? Feel free to send them privately.