On 29/06/11 11:33 -0400, Patrick Cable wrote:
This one's probably pretty simple -- but the exact phrase to google
for is, well, elusive to me.

So, when I 'su' or 'su -' to a user's account, all his groups show up.

[root@user ~]# su - juser
user:/home/juser> groups
stapusr wheel p2218808 p10022 pdk dfpa_general p1418 qds

But apparently, when the user logs in, he only sees his primary group
(which Linux sees as stapusr but whatever)

user:/home/juser> groups
stapusr

This is on RHEL5.5 and using gnome-terminal. Groups and users are on
LDAP - getent group shows correct group access, etc. I turned NSCD off
just to make sure it wasn't a broken cache.
His gnome-terminal profile is configured to use his shell as a login shell.

What obvious simple thing am I missing here?
_______________________________________________

Do 'id' and 'getent group <user>' report the same thing, both as the
user and as root?  I would suspect issues with your LDAP
configuration.  I have seen 'id' and 'getent group' report different
results depending on how groups are defined in LDAP.  For example:

id does not like if your groups are defined as:

...
objectClass: posixgroup
cn: groupname
gidNumber: 12345
memberUid: user1,user2,user3

vs:
objectClass: posixgroup
cn: groupname
gidNumber: 12345
memberUid: user1
memberUid: user2
memberUid: user3

On the second example, id and getent groups will match results, but id
will not be able to retrieve results on the first example (in the
default RHEL5 config).

Also, you might want to look at if your client system is binding to
the LDAP server as an authenticated user vs. anonymous bind.

Just my $0.02.

Cheers,
Brian

_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
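
As an added illustration (not part of the thread, and not code from either poster), the Python sketch below parses constructed LDIF for the two group layouts shown in the reply. It shows how a group listing can look identical for both layouts while a per-user membership lookup only finds the second. The exact-match lookup on memberUid is an assumption about how the client resolves supplementary groups; the DNs, the second gidNumber and all function names are made up for the example.

```python
import re

# Constructed sample LDIF (not from a real directory): the two layouts from the reply.
SAMPLE_LDIF = """\
dn: cn=joined,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: joined
gidNumber: 12345
memberUid: user1,user2,user3

dn: cn=split,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: split
gidNumber: 12346
memberUid: user1
memberUid: user2
memberUid: user3
"""

def parse_groups(ldif):
    """Parse plain LDIF (no folded lines, no base64 values) into group dicts."""
    groups = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = {"cn": None, "gid": None, "members": []}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "cn":
                entry["cn"] = value
            elif attr == "gidnumber":
                entry["gid"] = value
            elif attr == "memberuid":
                entry["members"].append(value)  # keep each value exactly as stored
        if entry["cn"]:
            groups.append(entry)
    return groups

def group_line(group):
    """Group-file style line: member values joined with commas."""
    return "%s:x:%s:%s" % (group["cn"], group["gid"], ",".join(group["members"]))

def groups_for(user, groups):
    """Assumed lookup: the user must equal one whole memberUid value."""
    return [g["cn"] for g in groups if user in g["members"]]

def joined_values(groups):
    """Report memberUid values that pack several names into one value."""
    return [(g["cn"], m) for g in groups for m in g["members"] if re.search(r"[,\s]", m)]
```

Running `joined_values()` over an export of the group subtree gives the list of entries whose memberUid needs to be split into one value per user.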
