On Tue, Jul 14, 2015 at 09:01:54AM +0000, Les Stott wrote:
> Jakub,
> 
> Thanks for the follow up.
> 
> We try and stick to standard rhel/epel repos (due to policy) so I am not
> able to install a non-standard version of sssd.

OK, please note that pretty much the same version will come to 6.7 in a
couple of days.

> 
> I have decided to disable the User Private Group plugin and convert ipausers
> to a posix group. There was nothing I could see that required us to use
> UPGs. This setup is working for me now.

The drawback might be that ipausers would get really large over time and
resolving the large group including the members would take a long time.

> 
> Thanks,
> 
> Les
> 
> > -----Original Message-----
> > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> > boun...@redhat.com] On Behalf Of Jakub Hrozek
> > Sent: Tuesday, 14 July 2015 6:42 PM
> > To: freeipa-users@redhat.com
> > Subject: Re: [Freeipa-users] freeipa and User Private Groups
> > 
> > On Mon, Jul 13, 2015 at 09:11:09AM +0000, Les Stott wrote:
> > > Hi All,
> > >
> > > Running ipa-3.0.0-42.el6 and sssd-1.11.6-30.el6_6.3.x86_64
> > >
> > > So, by default, when you create a user in freeipa, that user will be set
> > > to have a primary group that is hidden and not a POSIX group.
> > >
> > > This means that when the user logs in to a host, they will see something
> > > like...
> > >
> > > id: cannot find name for group ID <group_number>
> > 
> > It is not expected to not be able to return the name of the user group and I
> > don't see that in my setup. I was suspecting rhbz#1165074 but your sssd
> > should already have that bug fixed.
> > 
> > Can you see if the packages from
> >     https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12/
> > also show that behaviour?
> > 
> > If yes, can you get us sssd logs as described here:
> >     https://fedorahosted.org/sssd/wiki/Troubleshooting
> > 
> > >
> > > running the id command shows no name returned for this group.
> > >
> > > I understand you can disable private groups globally, however it is
> > > discouraged. I also realise you can simply create POSIX groups when
> > > creating users.
> > >
> > > In the spirit of trying to stick with the defaults....
> > >
> > > Is there a way to avoid the login error where id can't retrieve the group
> > > name from a UPG?
> > >
> > > Thanks,
> > >
> > > Les
> > >
> > 
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go to http://freeipa.org for more info on the project
> > 

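A check for the two conditions discussed in this thread, added here as an example and not posted by either participant: accounts whose primary GID has no resolvable group entry (the "id: cannot find name for group ID" symptom), and the member count of a group such as ipausers. The function names, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input is passwd(5)/group(5)-format text, for instance
# saved output of `getent passwd <user>` and `getent group <gid>`.

# Print "user:gid" for each account whose primary GID has no group entry,
# the condition that makes id(1) report "cannot find name for group ID".
unresolved_primary_gids() {   # $1 = passwd-format file, $2 = group-format file
    awk -F: -v groupfile="$2" '
        BEGIN {
            # Load every known GID (field 3) from the group file.
            while ((getline line < groupfile) > 0) {
                if (split(line, f, ":") >= 3) known[f[3]] = 1
            }
        }
        /^#/ || NF < 4 { next }              # skip comments and short lines
        !($4 in known) { print $1 ":" $4 }   # field 4 = primary GID
    ' "$1"
}

# Print how many members a group lists (field 4, comma separated).
# Returns non-zero if the group is not present in the file.
group_member_count() {        # $1 = group-format file, $2 = group name
    awk -F: -v name="$2" '
        $1 == name { print ($4 == "" ? 0 : split($4, m, ",")); found = 1 }
        END { if (!found) exit 1 }
    ' "$1"
}

# Constructed sample data: bob has a private GID with no group entry.
write_sample() {              # $1 = directory to write into
    cat > "$1/passwd.txt" <<'EOF'
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:5000:Carol:/home/carol:/bin/sh
EOF
    cat > "$1/group.txt" <<'EOF'
alice:*:1001:
ipausers:*:5000:alice,bob,carol
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
unresolved_primary_gids "$demo_dir/passwd.txt" "$demo_dir/group.txt"
group_member_count "$demo_dir/group.txt" ipausers
rm -rf "$demo_dir"
```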