Happy Friday,
I'm getting this message on login to an IPA client and not sure why:
$ ssh -Y -l *ose-dev1* rhc1.interop.example.com
ose-d...@rhc1.interop.example.com's password:
Last login: Thu Jul 24 19:46:46 2014 from rhc1.interop.example.com
Kickstarted on 2013-12-11
*id: cannot find name for group ID 889000002* <--- ???
The group and account were created about 2 months ago on an IdM (RHEL 7)
server as follows:
#*ipa group-add ose-developers --desc="OpenShift Developers"
--gid=889000002 *
----------------------------
Added group "ose-developers"
----------------------------
Group name: ose-developers
Description: OpenShift Developers
*GID: 889000002*
#*ipa user-add ose-dev1 --first="OSE" --last="Dev 1"
--displayname="OpenShift Developer 1" --homedir="/home/ose-dev1"
--shell="/bin/bash" **
****--uid=889000002 --gidnumber=889000002 --password *
Password: *******
Enter Password again to verify:
---------------------
Added user "ose-dev1"
---------------------
User login: ose-dev1
First name: OSE
Last name: Dev 1
Full name: OSE Dev 1
Display name: OpenShift Developer 1
Initials: OD
Home directory: /home/ose-dev1
GECOS: OSE Dev 1
Login shell: /bin/bash
Kerberos principal: ose-d...@interop.example.com
Email address: ose-d...@interop.example.com
UID: 889000002
*GID: 889000002 *
Password: True
Member of groups: ipausers
Kerberos keys available: True
On the IdM server, when I run 'group-show', 'group-find' I get:
# ipa group-show ose-developers
Group name:*ose-developers *
Description: OpenShift Developers
*GID: 889000002 *
# ipa group-find ose-developers
---------------
1 group matched
---------------
Group name:*ose-developers*
Description: OpenShift Developers
*GID: 889000002*
----------------------------
Number of entries returned 1
----------------------------
and 'user-show' returns:
# ipa user-show ose-dev1
User login: ose-dev1
First name: OSE
Last name: Dev 1
Home directory: /home/ose-dev1
Login shell: /bin/bash
Email address: ose-d...@interop.example.com
UID: 889000002
*GID: 889000002*
Account disabled: False
Password: True
Member of groups: ipausers
Kerberos keys available: True
so clearly the groups, user entries are correct in IdM. On first login,
the homedir
is created but the group name is not resolved:
$ pwd
/home/ose-dev1
[ose-dev1@xrhc1 ~]$ ls -lad .
drwxr-xr-x. 3 ose-dev1 *889000002* 4096 Jul 24 19:51 .
$ id
uid=889000002(ose-dev1) *gid=889000002* groups=889000002
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Is there some other client side lookup issue that is causing this? Why
doesn't *gid=889000002* map to (*ose-developers*)?
Thanks!
-m
--
Red Hat Reference Architectures
Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project