
List:       sssd-users
Subject:    [SSSD-users]  Phantom Group upon login
From:       Chris Hartman <qrstuv () gmail ! com>
Date:       2013-08-09 13:24:11
Message-ID: CAA5k6_=14PjY_0q4=9xS5CKn7tjxpe6L_5rvzXdCTKN86f+u+g () mail ! gmail ! com

Hi guys,

Weird problem here. Running Ubuntu with SSSD 1.9.5.

Upon login after a long period between consecutive logins by the same user,
I receive the following error message:

groups: cannot find name for group ID 1596003661


`id` yields this:

> USER@smarty:~$ id
> uid=1596001141(USER) gid=1596000513(domain users) groups=1596000513(domain users),1596001142(radioworksusers),1596001642(nixdesktopusers),1596001643(nixserverusers),1596003180(puppetmakers),1596003206(drupal_admin),1596003661


An immediate subsequent login on the same system by the same user fails to
produce the error message and the phantom group disappears from `id` output:

> USER@smarty:~$ id
> uid=1596001141(USER) gid=1596000513(domain users) groups=1596000513(domain users),1596001142(radioworksusers),1596001642(nixdesktopusers),1596001643(nixserverusers),1596003180(puppetmakers),1596003206(drupal_admin)


I've also just noticed that the group ID reported is not consistent but can
vary. I've searched my AD server for a group objectSID in question but have
not found one; the group does not exist.

There seem to be no negative side effects aside from the error message and
unmapped GID in the output of the `id` command.

My config:

> [sssd]
> config_file_version = 2
> debug_level = 0
> reconnection_retries = 3
> sbus_timeout = 30
> services = nss, pam
> domains = DOMAIN
>
> [pam]
> debug_level = 0
>
> [nss]
> debug_level = 0
> filter_users = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
> filter_groups = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
> reconnection_retries = 3
> default_shell = /bin/bash
> shell_fallback = /bin/bash
>
> [domain/DOMAIN]
> debug_level = 0
> ad_domain = DOMAIN.local
> id_provider = ad
> auth_provider = ad
> chpass_provider = ad
> access_provider = ad
> enumerate = true
> cache_credentials = true
> # Will check unixHomeDirectory LDAP attribute for a value first
> fallback_homedir = /home/%u
> dyndns_update = true
> dyndns_update_ptr = true
> ldap_schema = ad
> ldap_id_mapping = true
> default_shell = /bin/bash


Thanks!

-Chris
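
An added example, not part of the original post and not SSSD's own code: with `ldap_id_mapping = true`, SSSD derives each GID from the RID at the end of the object's SID, so an unnamed GID in `id` output can be converted back to the RID to search for in AD. It assumes SSSD's default `ldap_idmap_range_min` and `ldap_idmap_range_size` (both 200000), which the posted config does not override; the function names are illustrative.

```python
import re

# SSSD defaults for algorithmic ID mapping. Assumption: the posted config
# does not set ldap_idmap_range_min / ldap_idmap_range_size, so defaults apply.
RANGE_MIN = 200_000
RANGE_SIZE = 200_000

# Constructed sample: the first `id` output from the post, rejoined on one line.
SAMPLE_ID_OUTPUT = (
    "uid=1596001141(USER) gid=1596000513(domain users) "
    "groups=1596000513(domain users),1596001142(radioworksusers),"
    "1596001642(nixdesktopusers),1596001643(nixserverusers),"
    "1596003180(puppetmakers),1596003206(drupal_admin),1596003661"
)

def parse_groups(id_output):
    """Return [(gid, name or None)] from the groups= field of `id` output."""
    field = re.search(r"groups=((?:\d+(?:\([^)]*\))?,?)+)", id_output)
    if not field:
        return []
    entries = re.findall(r"(\d+)(?:\(([^)]*)\))?", field.group(1))
    return [(int(gid), name or None) for gid, name in entries]

def unmapped_gids(id_output):
    """GIDs that `id` printed without a name (NSS could not resolve them)."""
    return [gid for gid, name in parse_groups(id_output) if name is None]

def gid_to_rid(gid):
    """Split an ID-mapped GID into (slice number, RID) under the default ranges."""
    if gid < RANGE_MIN:
        raise ValueError(f"{gid} is below the ID-mapping range")
    return divmod(gid - RANGE_MIN, RANGE_SIZE)

def report(id_output):
    """For each unnamed GID: (gid, rid, in_same_slice_as_primary_group)."""
    primary = int(re.search(r"\bgid=(\d+)", id_output).group(1))
    primary_slice, _ = gid_to_rid(primary)
    rows = []
    for gid in unmapped_gids(id_output):
        slice_no, rid = gid_to_rid(gid)
        rows.append((gid, rid, slice_no == primary_slice))
    return rows

if __name__ == "__main__":
    for gid, rid, same_domain in report(SAMPLE_ID_OUTPUT):
        where = "same slice as the primary group" if same_domain else "a different slice"
        print(f"GID {gid}: RID {rid}, {where}; look in AD for an objectSid ending in -{rid}")
```

The primary group here maps to RID 513, the well-known Domain Users RID, which confirms the range assumption for this host.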

