On Wed, Feb 27, 2013 at 10:11:03AM +0000, Longina Przybyszewska wrote: > ------------------ > Another problem - with group IDs: > > After login to the terminal, I get the long list of warnings for all > groups 1172xxxxx - it really delays login, as the list is long. Do I miss > some config options ? > > su - testuser > ... > groups: cannot find name for group ID XXXXXXX ... >
>>That's quite suspicious. How deep is your nesting structure? Are the groups >>that you only see numbers for two or more levels deep? The only known bug >>that could be related is >>https://fedorahosted.org/sssd/ticket/1755 >>can you try setting ldap_group_nesting_level to a higher number to check if >>the issue is resolved? How can I find out about the nesting structure in AD? I tried with nesting_level 3|4|5 It doesn't help for login issue - the same long list for all nesting levels of from command su - testuser The number of groups listed in 'id ' command changes with 'nesting_level': (Nesting level =5) alongina@victoria:~$ id -G testuser 332400513 alongina@victoria:~$ id -G -n testuser domain users alongina@victoria:~$ id testuser uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain users) (nesting level=4) alongina@victoria:~$ id -G testuser 332400513 332411734 332411220 332411221 332405659 332410635 332403786 332403699 332407177 332408204 332408312 332406100 332408307 332413664 332402685 332402830 332411184 alongina@victoria:~$ id -G -n testuser domain users data-nat-nat-it-groupdrive rw nat-fnc-pri-setdiscription nat-pri-setcomputerdesc imada-terminal-users nat-it-outlook-admin nat-terminal-users terminal brugere dl-nat-it-staff nat-it-ansatte nat-it-ad-hoc nat-esignatur dl-nat-it nat-ctxusers common_users nat-lectures nat-booking alongina@victoria:~$ id testuser uid=332405654(longina) gid=332400513(domain users) groups=332400513(domain users),332411734(data-nat-nat-it-groupdrive rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(imada-terminal-users),332410635(nat-it-outlook-admin),332403786(nat-terminal-users),332403699(terminal brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),332408312(nat-it-ad-hoc),332406100(nat-esignatur),332408307(dl-nat-it),332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking) It depends somehow on cache. Just after emptying cache I get the very long listing. root@victoria:/var/lib/sss/db# service sssd stop sssd stop/waiting root@victoria:/var/lib/sss/db# \rm -rf * root@victoria:/var/lib/sss/db# service sssd start sssd start/running, process 3635 root@victoria:/var/lib/sss/db# id testuser uid=332405654(testuser) gid=332400513(domain users) groups=332400513(doma in users),332402685(common_users),1172668083,1172671850,1172626924,11726 70697,1172632585,1172657894,1172647528,1172673996,1172630281,1172650784, 1172649006,1172646018,1172626637,1172668082,1172647518,332406100(nat-esi gnatur),332403786(nat-terminal-users),1172647527,332405659(imada-termina l-users),1172647519,1172671034,1172652129,1172650787,1172608193,11726460 19,1172649007,1172645844,1172630472,1172648739,1172645167,332402830(nat- lectures),1172649004,1172649400,1172671853,1172650786,332408307(dl-nat-i t),1172645166,1172645845,988802256,1172651920,1172649005,1172659655,1172 606592,1172647852,1172633504,1172667765,1172666809,1172645842,1172649046 ,1172667764,1172647523,1172626846,1172633505,1172645161,1172658369,11726 45843,1172616454,1172607216,332411221(nat-pri-setcomputerdesc),117265924 9,332410635(nat-it-outlook-admin),1172645163,1172644173,1172670698,98880 3287,1172645162,1172645841,1172659248,1172666810,1172659262,1172626838,1 172647520,988807606,1172626843,332411220(nat-fnc-pri-setdiscription),117 2612780,1172649045,1172645152,1172645147,1172626938,1172658370,117265836 5,1172630586,1172649398,1172627322,332413664(nat -ctxusers),1172607213,1172626943,1172649060,1172681172,332408204(nat-it-ansatte),1172632583,1172658364,1172626827,332407177(dl-nat-it-staff),1172658371,1172653861,1172645344,332403699(terminal brugere),1172649061,1172645146,1172632578,1172671847,1172626940,1172626841,1172648741,1172649062,1172632579,1172658363,1172627278,1172645150,1172653860,332411184(nat-booking),332408312(nat-it-ad-hoc),1172632582,1172645145,1172671028,1172645144,1172627767,1172626935,1172632581,1172672165,1172645151,1172671032,332411734(data-nat-nat-it-groupdrive rw),1172657810,1172612322,1172650789,1172648253,1172657811,1172681132,1172648254,1172649064,1172627766,1172645974,1172672164,1172671286,1172632580,1172648736,1172679679,1172622933,1172679716,1172645975,1172671030,1172620701,1172681776,1172650191,1172648735 The same command issued immediately again produces different output: id testuser uid=332405654(testuser) gid=332400513(domain users) groups=332400513(domain users),1172649061,1172649062,1172649064,1172650191,1172650789,1172651920,1172653860,1172653861,1172657810,1172657811,1172657894,1172658363,1172658371,1172668083,1172670697,1172671028,1172671030,1172671032,1172671286,1172671847,1172671850,1172672164,1172672165,1172679679,1172679716,1172681132,1172681776,332411734(data-nat-nat-it-groupdrive rw),332411220(nat-fnc-pri-setdiscription),332411221(nat-pri-setcomputerdesc),332405659(imada-terminal-users),332410635(nat-it-outlook-admin),332403786(nat-terminal-users),332403699(terminal brugere),332407177(dl-nat-it-staff),332408204(nat-it-ansatte),332408312(nat-it-ad-hoc),332406100(nat-esignatur),332408307(dl-nat-it),332413664(nat-ctxusers),332402685(common_users),332402830(nat-lectures),332411184(nat-booking) Longina _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
