Unable to see secondary groups in `id` listing
Bug #1317949 reported by
Robin McCorkell
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
When using SSSD 1.11.5 on Ubuntu 14.04, configured with the LDAP backend, running `id <username>` only shows the primary group, along with any secondary group that has been pre-cached (for example by running `getent group <group>` beforehand). After the user details have been seen by SSSD, they remain without showing secondary groups even if the groups are queried with `getent`.
With SSSD 1.9.5 (from a PPA on Ubuntu 12.04) secondary groups are shown just fine with `id`.
I am using the LDAP backend to point at a Samba 4 server running as an Active Directory domain controller. My sssd.conf is attached.
Changed in sssd (Ubuntu): | |
status: | Confirmed → Invalid |
status: | Invalid → Confirmed |
tags: | added: trusty |
information type: | Public → Public Security |
information type: | Public Security → Private Security |
information type: | Private Security → Public |
To post a comment you must log in.
Hi,
I'm sorry about the problem you hit, however, I need some more information to diagnose the problem.
First, I wonder if using the AD back end would suit your setup better since you seem to be using AD on the server side. Check out some introduction to the AD provider here: /jhrozek. livejournal. com/2801. html /jhrozek. livejournal. com/3019. html
https:/
https:/
But even with the LDAP back end, the secondary groups should be visible, especially since they were visible with the old version. Can you put "debug_level=8" into the [domain] and [nss] section of your sssd.conf, stop the SSSD, remove caches to start from a clean defined state (rm -f /var/lib/ sss/db/ cache* /var/lib/sss/mc/*), start the SSSD again and run both "id -G user" and then "id user". Would the run with '-G' show the correct groups?
Can you attach /var/log/sssd/*.log after the test?