Stopping nscd did not change anything. "groups username" still shows user as member of Administrators.
On Fri, Feb 24, 2017 at 9:50 AM, Mark Coetser <[email protected]> wrote:

> stop nscd and check again.
>
> --
> Thank you,
>
> Mark Adrian Coetser
> [email protected]
>
> ... bleakness ... desolation ... plastic forks ...
>
>
> On 24/02/2017 16:40, Bernard Fay wrote:
>
>>
>> On Fri, Feb 24, 2017 at 9:12 AM, Michael Wandel <[email protected]> wrote:
>>
>> On 24.02.2017 14:55, Bernard Fay wrote:
>> > Hi,
>> >
>> > I removed a user from an LDAP group about a week ago. Today, this user
>> > still shows as member of the group with the Linux command groups. Also,
>> > the group (Administrators) appears twice in the output of the command id:
>> > uid=10000(username) gid=10000(Administrators)
>> > groups=10001(users),10005(devel),10011(video),10015(ansible),10000(Administrators)
>> >
>>
>> Can you please let us know about your nss configuration
>> /etc/nsswitch.conf . IMHO it looks ok that the administrators is the
>> primary group and also in the groups enumeration.
>>
>> > The command getent though shows the proper group assignation:
>> > getent group | grep username | cut -d: -f1
>> > users
>> > devel
>> > video
>> > ansible
>> >
>> > All of those groups are LDAP groups.
>> >
>> > Does someone know why and would know how to fix this?
>>
>> you can't find primary groups for a user with your command, grepping
>> through "getent group" . In modern systems aka sssd it is not a good
>> idea, because enumeration is by default set to false.
>>
>>
>> ]# grep -Ev "^\#|^$" /etc/nsswitch.conf
>> passwd: files sss ldap
>> shadow: files sss ldap
>> group: files sss ldap
>> hosts: files dns
>> bootparams: nisplus [NOTFOUND=return] files
>> ethers: files
>> netmasks: files
>> networks: files
>> protocols: files
>> rpc: files
>> services: files sss
>> netgroup: files sss ldap
>> publickey: nisplus
>> automount: files ldap
>> aliases: files nisplus
>>
>>
>> The user has been removed from the group Administrators so it should
>> not show.
>>
>> I do not use sssd as our LDAP is not secured so I use nscd. This LDAP
>> is confined to a lab.
>>
>> Thanks,
>>
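
Michael's point that a primary group cannot be found by grepping "getent group", as an added example that is not part of the original thread: the primary group comes from the GID field of the passwd entry, so it is reported even when the group's member list does not name the user. The passwd and group lines are constructed sample data using the names and GIDs from the id output quoted above; the member lists and function names are assumptions.

```python
# Constructed sample data in getent(1) output format. Names and GIDs follow
# the id output quoted in the thread; the member lists are assumptions.
PASSWD = """\
username:x:10000:10000:Example User:/home/username:/bin/bash
"""
GROUP = """\
Administrators:x:10000:
users:x:10001:username
devel:x:10005:username,other
video:x:10011:username
ansible:x:10015:username
"""

def parse_groups(text):
    """Return {gid: (name, set_of_members)} from group(5)-format lines."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups

def primary_gid(passwd_text, user):
    """Return the GID stored in field 4 of the user's passwd entry."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == user:
            return int(fields[3])
    raise KeyError(user)

def explain_groups(passwd_text, group_text, user):
    """Split a user's groups by where the membership comes from."""
    groups = parse_groups(group_text)
    pgid = primary_gid(passwd_text, user)
    primary = groups.get(pgid, (str(pgid), set()))[0]
    # Exact match on the member field, not a substring grep over the line.
    supplementary = sorted(
        name for gid, (name, members) in groups.items()
        if user in members and gid != pgid
    )
    return {"primary": primary, "supplementary": supplementary}

if __name__ == "__main__":
    print(explain_groups(PASSWD, GROUP, "username"))
```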
