Without the SSSD logs it's hard to tell for certain, but I suspect this is caused by enumerate=True in the sssd.conf config file.
The reason why the groups seemingly appear after about ten seconds is that after the SSSD provider starts up, the enumerate task is scheduled. In general, it *should* block the NSS operations until the initial enumeration has completed, though. Is the behaviour reproducable within a single SSSD session? In other words, if you log in after the ten seconds have passed and the getent command reports correct group memberships, does "groups" still show wrong membership? Also, is there a particular reason to use enumerate=True? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1049186 Title: sssd forgets group memberships of foo when foo logs in; remembers them after ten seconds after restarting sssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1049186/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
