On Fri, Nov 14, 2014 at 12:10:59PM +0000, Darren Poulson wrote:
> Hi,
> I'm currently having an issue where if I log in as a user on a freshly 
> rebooted machine, their group membership is not populated, so things like 
> sudo do not work properly. If I do a getent group <group>, log out and log 
> back in again, then it works properly.
> for example
> -sh-4.1$ groups dpoulson
> dpoulson : dpoulson ops_admins helpdesk
> -sh-4.1$ getent group ops_users
> ops_users:*:50130:dpoulson,anotheruser,andanother,etc

Is ops_users an IPA group that dpoulsen is a member of (or maybe some AD
trust group or a local UNIX group)? 

> -sh-4.1$ groups dpoulson
> dpoulson : dpoulson ops_admins helpdesk ops_users
> -sh-4.1$ groups
> dpoulson ops_admins helpdesk
> <logout/login>
> -sh-4.1$ groups
> dpoulson helpdesk ops_admins ops_users

Taking the missing ops_users group out of the picture, this is expected,
memberships are set on login only.

> (the user is actually meant to be a member of 6 groups)

Can you paste ipa user-show dpoulson?

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to