On Fri, Feb 24, 2017 at 12:36:03PM +0100, Gerald Zabos wrote:
> Hello *,
> i just created a new user group 'it_testusers' (90600008) on one of
> the IPA servers and added three existing users:
> 'test' (90600005)
> 'ipajoin' (90600001)
> 'ldaptest' (90600003).
> When look up the group membership of these users on one of our IPA
> clients with 'id <username>' it shows uid, gid and groups=<gid>, but
> the new group 'it_testusers' is still missing.
> Looking up group membership with 'id <username>' on all of our IPA
> servers works, i can see the new group in the list of user's groups.
> Server OS: Redhat 7.3
> ipa-server: ipa-server-4.4.0-14.el7_3.4
> Client OS: CentOS 7.3
> ipa-client: ipa-client-4.4.0-14.el7.centos.4
> I've read https://www.redhat.com/archives/freeipa-users/2015-May/msg00463.html
> as it seems to be a similar problem.
> I stopped sssd, removed the files in /var/lib/sss/db and started sssd
> on the client -> still can't see the new group
> I rebooted the client -> still can't see the new group
I'm afraid you need to look into sssd logs on the client:
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project