> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
> behalf of Jakub Hrozek [jhro...@redhat.com]
> Sent: 14 November 2014 14:56
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Group membership not populated
> 
> On Fri, Nov 14, 2014 at 12:10:59PM +0000, Darren Poulson wrote:
> > Hi,
> >
> > I'm currently having an issue where if I log in as a user on a freshly 
> > rebooted machine, their group membership is not populated, so things like 
> > sudo do not work properly. If I do a getent group <group>, log out and log 
> > back in again, then it works properly.
> >
> > for example
> >
> > -sh-4.1$ groups dpoulson
> > dpoulson : dpoulson ops_admins helpdesk
> > -sh-4.1$ getent group ops_users
> > ops_users:*:50130:dpoulson,anotheruser,andanother,etc
>
> Is ops_users an IPA group that dpoulson is a member of (or maybe some AD
> trust group or a local UNIX group)?
>

An IPA group, no AD or other funkiness in this setup yet.

> > -sh-4.1$ groups dpoulson
> > dpoulson : dpoulson ops_admins helpdesk ops_users
> > -sh-4.1$ groups
> > dpoulson ops_admins helpdesk
> >
> > <logout/login>
> >
> > -sh-4.1$ groups
> > dpoulson helpdesk ops_admins ops_users
>
> Taking the missing ops_users group out of the picture, this is expected,
> memberships are set on login only.
>
Agreed.

> >
> > (the user is actually meant to be a member of 6 groups)
>
> Can you paste ipa user-show dpoulson?

[root@freeipa1-01 ~]# ipa user-show dpoulson
  User login: dpoulson
  First name: Darren
  Last name: Poulson
  Home directory: /home/dpoulson
  Login shell: /bin/sh
  Email address: dpoul...@genesys.com
  UID: 50004
  GID: 50004
  Telephone Number: 123-555-1234
  Account disabled: False
  Password: True
  Member of groups: admins, ipausers, helpdesk, sbmonitor_users, ops_users, ops_admins
  Indirect Member of role: helpdesk
  Indirect Member of Sudo rule: sudo_admins
  Indirect Member of HBAC rule: allow_all
  Kerberos keys available: True
  SSH public key fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX darren.poul...@genesys.com (ssh-rsa)


Cheers,

Darren.


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project



