On Fri, Feb 24, 2017 at 12:36:03PM +0100, Gerald Zabos wrote:
> Hello *,
>
> i just created a new user group 'it_testusers' (9068) on one of
> the IPA servers and added three existing users:
>
> 'test' (9065)
> 'ipajoin' (9061)
> 'ldaptest' (9063).
>
> When look up the group membership of these users on one of our IPA
> clients with 'id ' it shows uid, gid and groups=, but
> the new group 'it_testusers' is still missing.
>
> Looking up group membership with 'id ' on all of our IPA
> servers works, i can see the new group in the list of user's groups.
>
> Server OS: Redhat 7.3
> ipa-server: ipa-server-4.4.0-14.el7_3.4
>
> Client OS: CentOS 7.3
> ipa-client: ipa-client-4.4.0-14.el7.centos.4
>
> I've read https://www.redhat.com/archives/freeipa-users/2015-May/msg00463.html
> as it seems to be a similar problem.
>
> I stopped sssd, removed the files in /var/lib/sss/db and started sssd
> on the client -> still can't see the new group
>
> I rebooted the client -> still can't see the new group
I'm afraid you need to look into sssd logs on the client:
https://fedorahosted.org/sssd/wiki/Troubleshooting
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project