On Fri, Nov 14, 2014 at 12:10:59PM +0000, Darren Poulson wrote: > Hi, > > I'm currently having an issue where if I log in as a user on a freshly > rebooted machine, their group membership is not populated, so things like > sudo do not work properly. If I do a getent group <group>, log out and log > back in again, then it works properly. > > for example > > -sh-4.1$ groups dpoulson > dpoulson : dpoulson ops_admins helpdesk > -sh-4.1$ getent group ops_users > ops_users:*:50130:dpoulson,anotheruser,andanother,etc
Is ops_users an IPA group that dpoulsen is a member of (or maybe some AD trust group or a local UNIX group)? > -sh-4.1$ groups dpoulson > dpoulson : dpoulson ops_admins helpdesk ops_users > -sh-4.1$ groups > dpoulson ops_admins helpdesk > > <logout/login> > > -sh-4.1$ groups > dpoulson helpdesk ops_admins ops_users Taking the missing ops_users group out of the picture, this is expected, memberships are set on login only. > > (the user is actually meant to be a member of 6 groups) Can you paste ipa user-show dpoulson? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project