[prev in list] [next in list] [prev in thread] [next in thread]
List: sssd-users
Subject: [SSSD-users] Phantom Group upon login
From: Chris Hartman <qrstuv () gmail ! com>
Date: 2013-08-09 13:24:11
Message-ID: CAA5k6_=14PjY_0q4=9xS5CKn7tjxpe6L_5rvzXdCTKN86f+u+g () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi guys,
Weird problem here. Running Ubuntu with SSSD 1.9.5.
Upon login after a long period between consecutive logins by the same user,
I receive the following error message:
groups: cannot find name for group ID 1596003661
`id` yields this:
> USER@smarty:~$ id
uid=1596001141(USER) gid=1596000513(domain users) groups=1596000513(domain
> users),1596001142(radioworksusers),1596001642(nixdesktopusers),1596001643(nixserverusers),1596003180(puppetmakers),1596003206(drupal_admin),1596003661
>
An immediate subsequent login on the same system by the same user fails to
produce the error message and the phantom group disappears from `id` output:
> USER@smarty:~$ id
uid=1596001141(USER) gid=1596000513(domain users) groups=1596000513(domain
> users),1596001142(radioworksusers),1596001642(nixdesktopusers),1596001643(nixserverusers),1596003180(puppetmakers),1596003206(drupal_admin)
>
I've also just noticed that the group ID reported is not consistent but can
vary. I've searched my AD server for a group objectSID in question but have
not found one; the group does not exist.
There seem to be no negative side effects aside from the error message and
unmapped GID in the output of the `id` command.
My config:
> [sssd]
> config_file_version = 2
> debug_level = 0
> reconnection_retries = 3
> sbus_timeout = 30
> services = nss, pam
> domains = DOMAIN
>
> [pam]
> debug_level = 0
>
[nss]
> debug_level = 0
> filter_users =
> root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
> filter_groups =
> root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
> reconnection_retries = 3
> default_shell = /bin/bash
> shell_fallback = /bin/bash
>
[domain/DOMAIN]
> debug_level = 0
> ad_domain = DOMAIN.local
> id_provider = ad
> auth_provider = ad
> chpass_provider = ad
> access_provider = ad
> enumerate = true
> cache_credentials = true
> # Will check unixHomeDirectory LDAP attribute for a value first
> fallback_homedir = /home/%u
> dyndns_update = true
> dyndns_update_ptr = true
> ldap_schema = ad
> ldap_id_mapping = true
> default_shell = /bin/bash
Thanks!
-Chris
[Attachment #5 (text/html)]
<div dir="ltr">Hi guys,<div><br></div><div>Weird problem here. Running Ubuntu with \
SSSD 1.9.5.</div><div><br></div><div>Upon login after a long period between \
consecutive logins by the same user, I receive the following error message:</div>
<div><br></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">groups: \
cannot find name for group ID 1596003661</blockquote>
<div><br></div><div>`id` yields this:</div><div><blockquote class="gmail_quote" \
style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">USER@smarty:~$ \
id</blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">uid=1596001141(USER) \
gid=1596000513(domain users) groups=1596000513(domain \
users),1596001142(radioworksusers),1596001642(nixdesktopusers),1596001643(nixserverusers),1596003180(puppetmakers),1596003206(drupal_admin),1596003661</blockquote>
</div><div> </div><div>An immediate subsequent login on the same system by the same \
user fails to produce the error message and the phantom group disappears from `id` \
output:</div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
USER@smarty:~$ id</blockquote><blockquote class="gmail_quote" style="margin:0px 0px \
0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">uid=1596001141(USER) \
gid=1596000513(domain users) groups=1596000513(domain \
users),1596001142(radioworksusers),1596001642(nixdesktopusers),1596001643(nixserverusers),1596003180(puppetmakers),1596003206(drupal_admin)</blockquote>
</div><div><br></div><div>I've also just noticed that the group ID reported is \
not consistent but can vary. I've searched my AD server for a group objectSID in \
question but have not found one; the group does not exist.</div>
<div><br></div><div>There seem to be no negative side effects aside from the error \
message and unmapped GID in the output of the `id` \
command.</div><div><div><br></div></div><div>My config:</div><div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
[sssd]<br>config_file_version = 2<br>debug_level = 0<br>reconnection_retries = \
3<br>sbus_timeout = 30<br>services = nss, pam<br>domains = DOMAIN<br> \
<br>[pam]<br>debug_level = 0<br></blockquote><blockquote class="gmail_quote" \
style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">[nss]<br>debug_level \
= 0<br>filter_users = \
root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm<br>
filter_groups = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm<br>reconnection_retries \
= 3<br>default_shell = /bin/bash<br>shell_fallback = \
/bin/bash<br></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">[domain/DOMAIN]<br>debug_level \
= 0<br>ad_domain = DOMAIN.local<br>
id_provider = ad<br>auth_provider = ad<br>chpass_provider = ad<br>access_provider = \
ad<br>enumerate = true<br>cache_credentials = true<br># Will check unixHomeDirectory \
LDAP attribute for a value first<br>fallback_homedir = /home/%u<br>
dyndns_update = true<br>dyndns_update_ptr = true<br>ldap_schema = \
ad<br>ldap_id_mapping = true<br>default_shell = \
/bin/bash</blockquote></div><div><div><br></div><div>Thanks!</div><div><br></div>-Chris</div>
</div></div>
[Attachment #6 (text/plain)]
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic