stop nscd and check again. -- Thank you,
Mark Adrian Coetser [email protected] ... bleakness ... desolation ... plastic forks ... On 24/02/2017 16:40, Bernard Fay wrote:
On Fri, Feb 24, 2017 at 9:12 AM, Michael Wandel <[email protected] <mailto:[email protected]>> wrote: On 24.02.2017 14 <tel:24.02.2017%2014>:55, Bernard Fay wrote: > Hi, > > I removed a user from an LDAP group about a week ago. Today, this user > still shows as member of the group with the Linux command groups. Also, > the group (Administrators) appears twice in the output of the command id: > uid=10000(username) gid=10000(Administrators) > groups=10001(users),10005(devel),10011(video),10015(ansible),10000(Administrators) > Can you please let us know about your nss configuration /etc/nsswitch.conf . IMHO it looks ok that the administrators is the primary group and also in the groups enumeration. > The command getent though shows the proper group assignation: > getent group | grep username | cut -d: -f1 > users > devel > video > ansible > > All of those groups are LDAP group. > > Does someone knows why and would know how to fix this? you can't find primary groups for a user with your command, grepping throug "getent group" . In modern systems aka sssd it is not a good idea, because enumeration ist by default set to false. ]# grep -Ev "^\#|^$" /etc/nsswitch.conf passwd: files sss ldap shadow: files sss ldap group: files sss ldap hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files sss netgroup: files sss ldap publickey: nisplus automount: files ldap aliases: files nisplus The user has been removed from the groups Administrators so it should not show. I do not use sssd as our LDAP is not secured so I use nscd. This LDAP is confined a lab. Thanks,
