What does

getent group ose-developers
getent group 889000002

on the ipa client show? the client sssd nss and domain logs will log any relevant errors.

Jatin

On 25/07/14 13:22, Mark Heslin wrote:
Happy Friday,

I'm getting this message on login to an IPA client and not sure why:

  $ ssh -Y -l *ose-dev1* rhc1.interop.example.com
ose-d...@rhc1.interop.example.com's password:
  Last login: Thu Jul 24 19:46:46 2014 from rhc1.interop.example.com
  Kickstarted on 2013-12-11
*id: cannot find name for group ID 889000002*   <--- ???

The group and account were created about 2 months ago on an IdM (RHEL 7) server as follows:

#*ipa group-add ose-developers --desc="OpenShift Developers" --gid=889000002 *
  ----------------------------
  Added group "ose-developers"
  ----------------------------
    Group name: ose-developers
    Description: OpenShift Developers
*GID: 889000002*

#*ipa user-add ose-dev1 --first="OSE" --last="Dev 1" --displayname="OpenShift Developer 1" --homedir="/home/ose-dev1" --shell="/bin/bash" **
****--uid=889000002 --gidnumber=889000002 --password *
   Password: *******
   Enter Password again to verify:
   ---------------------
   Added user "ose-dev1"
   ---------------------
     User login: ose-dev1
     First name: OSE
     Last name: Dev 1
     Full name: OSE Dev 1
     Display name: OpenShift Developer 1
     Initials: OD
     Home directory: /home/ose-dev1
     GECOS: OSE Dev 1
     Login shell: /bin/bash
     Kerberos principal: ose-d...@interop.example.com
     Email address: ose-d...@interop.example.com
     UID: 889000002
*GID: 889000002 *
     Password: True
     Member of groups: ipausers
     Kerberos keys available: True

On the IdM server, when I run 'group-show', 'group-find' I get:

# ipa group-show ose-developers
  Group name:*ose-developers *
  Description: OpenShift Developers
*GID: 889000002 *

# ipa group-find ose-developers
   ---------------
  1 group matched
  ---------------
    Group name:*ose-developers*
    Description: OpenShift Developers
*GID: 889000002*
  ----------------------------
  Number of entries returned 1
  ----------------------------

and 'user-show' returns:

# ipa user-show ose-dev1
  User login: ose-dev1
  First name: OSE
  Last name: Dev 1
  Home directory: /home/ose-dev1
  Login shell: /bin/bash
  Email address: ose-d...@interop.example.com
  UID: 889000002
*GID: 889000002*
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True

so clearly the groups, user entries are correct in IdM. On first login, the homedir
is created but the group name is not resolved:

  $ pwd
  /home/ose-dev1
  [ose-dev1@xrhc1 ~]$ ls -lad .
  drwxr-xr-x. 3 ose-dev1 *889000002* 4096 Jul 24 19:51 .
  $ id
uid=889000002(ose-dev1) *gid=889000002* groups=889000002 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Is there some other client side lookup issue that is causing this? Why doesn't *gid=889000002* map to (*ose-developers*)?

Thanks!

-m


--

Red Hat Reference Architectures

Follow Us:https://twitter.com/RedHatRefArch
Plus Us:https://plus.google.com/u/0/b/114152126783830728030/
Like Us:https://www.facebook.com/rhrefarch



-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to