On 07/24/2014 11:33 PM, Jatin Nansi wrote:
What does
getent group ose-developers
getent group 88902
on the ipa client show? The client sssd nss and domain logs will log
any relevant errors.
Jatin
Hi Jatin,
Beats me but - apparently it's working fine now:
$ ssh -Y -l ose-dev1 rhc1.interop.example.com
Last login: Thu Jul 24 19:51:19 2014 from xrhc1.interop.example.com
Kickstarted on 2013-12-11
[ose-dev1@rhc1 ~]$ getent group ose-developers
ose-developers:*:88902:
[ose-dev1@rhc1 ~]$ getent group 88902
ose-developers:*:88902:
[ose-dev1@rhc1 ~]$ id
uid=88902(ose-dev1) gid=88902*(ose-developers)*
groups=88902(ose-developers)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
I rebooted both IdM servers, client about an hour before - maybe the
client had old cache entries?
Thanks and sorry for the false alarm.
-m
On 25/07/14 13:22, Mark Heslin wrote:
Happy Friday,
I'm getting this message on login to an IPA client and not sure why:
$ ssh -Y -l *ose-dev1* rhc1.interop.example.com
ose-d...@rhc1.interop.example.com's password:
Last login: Thu Jul 24 19:46:46 2014 from rhc1.interop.example.com
Kickstarted on 2013-12-11
*id: cannot find name for group ID 88902* <--- ???
The group and account were created about 2 months ago on an IdM (RHEL
7) server as follows:
# ipa group-add ose-developers --desc="OpenShift Developers" --gid=88902
Added group "ose-developers"
Group name: ose-developers
Description: OpenShift Developers
*GID: 88902*
# ipa user-add ose-dev1 --first="OSE" --last="Dev 1" \
    --displayname="OpenShift Developer 1" --homedir="/home/ose-dev1" \
    --shell="/bin/bash" \
    --uid=88902 --gidnumber=88902 --password
Password: ***
Enter Password again to verify:
-
Added user "ose-dev1"
-
User login: ose-dev1
First name: OSE
Last name: Dev 1
Full name: OSE Dev 1
Display name: OpenShift Developer 1
Initials: OD
Home directory: /home/ose-dev1
GECOS: OSE Dev 1
Login shell: /bin/bash
Kerberos principal: ose-d...@interop.example.com
Email address: ose-d...@interop.example.com
UID: 88902
*GID: 88902 *
Password: True
Member of groups: ipausers
Kerberos keys available: True
On the IdM server, when I run 'group-show', 'group-find' I get:
# ipa group-show ose-developers
Group name:*ose-developers *
Description: OpenShift Developers
*GID: 88902 *
# ipa group-find ose-developers
---
1 group matched
---
Group name:*ose-developers*
Description: OpenShift Developers
*GID: 88902*
Number of entries returned 1
and 'user-show' returns:
# ipa user-show ose-dev1
User login: ose-dev1
First name: OSE
Last name: Dev 1
Home directory: /home/ose-dev1
Login shell: /bin/bash
Email address: ose-d...@interop.example.com
UID: 88902
*GID: 88902*
Account disabled: False
Password: True
Member of groups: ipausers
Kerberos keys available: True
so clearly the groups, user entries are correct in IdM. On first
login, the homedir
is created but the group name is not resolved:
$ pwd
/home/ose-dev1
[ose-dev1@xrhc1 ~]$ ls -lad .
drwxr-xr-x. 3 ose-dev1 *88902* 4096 Jul 24 19:51 .
$ id
uid=88902(ose-dev1) *gid=88902* groups=88902
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Is there some other client side lookup issue that is causing this?
Why doesn't *gid=88902* map to (*ose-developers*)?
Thanks!
-m
--
Red Hat Reference Architectures
Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
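
An added example (not part of the original thread, and not FreeIPA or SSSD code): a client-side check that lists any of a user's GIDs that NSS cannot map to a name, which is the condition behind `id: cannot find name for group ID 88902`. `GROUP_LOOKUP` is a hypothetical override hook for offline testing; by default the script issues the same `getent group <gid>` query used in the thread.

```shell
#!/bin/sh
# Added example: report numeric GIDs that NSS cannot map to a group name.
# GROUP_LOOKUP is a hypothetical hook (an assumption of this example); the
# default is the "getent group <gid>" lookup shown in the thread.
GROUP_LOOKUP=${GROUP_LOOKUP:-getent group}

# Print the GIDs from the argument list that do not resolve to a name.
# Returns 0 when every GID resolves, 1 when at least one does not.
unresolved_gids() {
    missing=""
    for gid in "$@"; do
        case $gid in
            ''|*[!0-9]*) echo "skipping non-numeric gid: $gid" >&2; continue ;;
        esac
        entry=$($GROUP_LOOKUP "$gid" 2>/dev/null) || entry=""
        # A group entry is name:passwd:gid:members; the gid field must match,
        # otherwise the answer is treated as unusable.
        name=${entry%%:*}
        rest=${entry#*:*:}
        entry_gid=${rest%%:*}
        if [ -z "$name" ] || [ "$entry_gid" != "$gid" ]; then
            missing="$missing $gid"
        fi
    done
    missing=${missing# }
    [ -n "$missing" ] && echo "$missing"
    [ -z "$missing" ]
}

# Check the primary and supplementary GIDs of a user (default: current user).
check_user_groups() {
    user=${1:-$(id -un)}
    gids=$(id -G "$user") || return 2
    # Word splitting of the GID list is intended here.
    if bad=$(unresolved_gids $gids); then
        echo "OK: all groups of $user resolve"
    else
        echo "UNRESOLVED for $user: $bad"
        return 1
    fi
}

# Run against a user when invoked with an argument, e.g. the thread's ose-dev1.
if [ "$#" -gt 0 ]; then check_user_groups "$1"; fi
```

If a GID is reported here while `ipa group-show` on the server returns the group, the client's SSSD nss and domain logs are the next place to look, as suggested in the thread.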