I'm currently having an issue where if I log in as a user on a freshly rebooted 
machine, their group membership is not populated, so things like sudo do not 
work properly. If I do a getent group <group>, log out and log back in again, 
then it works properly.

For example:

-sh-4.1$ groups dpoulson
dpoulson : dpoulson ops_admins helpdesk
-sh-4.1$ getent group ops_users
-sh-4.1$ groups dpoulson
dpoulson : dpoulson ops_admins helpdesk ops_users
-sh-4.1$ groups
dpoulson ops_admins helpdesk


-sh-4.1$ groups
dpoulson helpdesk ops_admins ops_users

(the user is actually meant to be a member of 6 groups)

Client and server machines are all fresh installs of CentOS 6.6, running:


All config files I've checked are identical (/etc/nsswitch.conf, 
/etc/sssd/sssd.conf, /etc/sudo-ldap.conf) - any more I should check? Though that 
being said, they were all kickstarted from the same image with the same chef 



cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = bur.us.genops
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = pwm1-01.bur.us.genops
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, freeipa1-01.bur.us.genops
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 8

services = nss, sudo, pam, ssh
config_file_version = 2

domains = bur.us.genops
homedir_substring = /home








passwd:     files sss
shadow:     files sss
group:      files sss

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files sss
aliases:    files nisplus

sudoers: files sss

Any ideas where to start looking?


