On (10/06/16 11:31), Lukas Slebodnik wrote: >On (08/06/16 09:16), Joakim Tjernlund wrote: >>I got 2 domains configured in sssd and the id cmd behaves odd: >>gentoo-LABBBB sssd # id [email protected] >>uid=1001(jocke) gid=100(users) >>groups=100(users),10(wheel),14(uucp),18(audio),27(video),250(portage),101(vboxusers),998(plugdev),78(kvm),900(libvirt),977(docker),1172001133(s >> all employees),1172056192(se-rnd-ts-1100),1172001161(all >>employees),1172000513(domain >>users),1172056141(se-it-group),1172056172(se-rnd-hw),1172056180(se-rnd-sw),1172056169(se-rnd) >>gentoo-LABBBB sssd # id [email protected] >>uid=1172051010(jocke) gid=1172056169(se-rnd) >>groups=1172056169(se-rnd),10(wheel),14(uucp),18(audio),27(video),250(portage),101(vboxusers),998(plugdev),78(kvm),900(libvirt),977(docker),1172001133(s >> all employees),1172056192(se-rnd-ts-1100),1172001161(all >>employees),1172000513(domain >>users),1172056141(se-it-group),1172056172(se-rnd-hw),1172056180(se-rnd-sw) >> >>Notice how uid/gid differs but the group names are the same(they should not >>be) >>It turns out that the "groups" list depends on the >> domains = infinera.com,transmode.se >>setting. Whichever is first wins. >> >It took me some time to find a difference. >So the difference is in primary group (onece it's gid=100(users) and >later it is gid=1172056169(se-rnd). > >What was a delay between two calls of "id [email protected]"? >I would not expect short delay due to fast cache. > >BTW, I would suggest to test with simpler command: > "getent passwd [email protected]" >The primary group is the second number in output. > >I would suggest to look into following wiki. >https://fedorahosted.org/sssd/wiki/Troubleshooting >and find some errors in nss.log and sssd_$domain.log > Ahh, I totally missed that fully qualified name of user is different.
LS _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
