+++ This bug was initially created as a clone of Bug #689886 +++

Description of problem:
when performing initgroups in the IPA provider, only the user we are performing initgroups for is stored in cache.

Version-Release number of selected component (if applicable):
sssd-1.5.1-14.el6.x86_64

How reproducible:
always

Steps to Reproduce:
0. start with clear cache
1. log in as user who is a member of a group that contains at least one other user
2. run id to get the list of the groups
3. getent passwd <group> only shows the user you are logged in as

Actual results:
getent group does not show all users

Expected results:
all users are reported

Additional info:
The root cause is storing the group as not expired even when not all the members are present in the cache. Next time getgrnam/getgrgid is called, the group is not refreshed with the other members and just returned.

--- Additional comment from jhrozek on 2011-03-22 13:59:21 EDT ---

Upstream ticket - https://fedorahosted.org/sssd/ticket/822

SERVER: RHEL 6.1
ipa-server-2.0.0-23.el6.x86_64

CLIENT: RHEL 5.7
ipa-client-2.0-14.el5
sssd-1.5.1-35.el5

From Server:

1) Add two users

# ipa user-add --first Mickey --last Mouse mickey
-------------------
Added user "mickey"
-------------------
  User login: mickey
  First name: Mickey
  Last name: Mouse
  Full name: Mickey Mouse
  Display name: Mickey Mouse
  Initials: MM
  Home directory: /home/mickey
  GECOS field: mickey
  Login shell: /bin/sh
  Kerberos principal: mickey@TESTRELM
  UID: 239400008

# ipa user-add --first Minnie --last Mouse minnie
-------------------
Added user "minnie"
-------------------
  User login: minnie
  First name: Minnie
  Last name: Mouse
  Full name: Minnie Mouse
  Display name: Minnie Mouse
  Initials: MM
  Home directory: /home/minnie
  GECOS field: minnie
  Login shell: /bin/sh
  Kerberos principal: minnie@TESTRELM
  UID: 239400009

2) Add a new group

# ipa group-add --desc Disney mice
------------------
Added group "mice"
------------------
  Group name: mice
  Description: Disney
  GID: 239400010

3) Add the two users to the group

# ipa group-add-member --users "mickey,minnie" mice
  Group name: mice
  Description: Disney
  GID: 239400010
  Member users: mickey, minnie
-------------------------
Number of members added 2
-------------------------

4) Add one of the users a password for login

# ipa passwd mickey
Password:
Enter Password again to verify:
--------------------------------------
Changed password for "mickey@TESTRELM"
--------------------------------------

From the Client:

5) Clean sssd cache and dbs

# service sssd stop
Stopping sssd: [ OK ]
# rm -rf /var/lib/sss/db/*
# service sssd start
Starting sssd: [ OK ]

6) Initiate login from the client

# ssh mickey
mickey's password:
Last login: Fri May 27 14:19:36 2011 from 10.16.76.36
Could not chdir to home directory /home/mickey: No such file or directory
-sh-4.1$

7) getent group groupname

# getent group mice
mice:*:239400010:mickey,minnie

VERIFIED
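
A small check for step 7, added here as an example (it is not part of the bug report or of SSSD): it compares the member field of a `getent group` line against the members the server lists and prints any the cache is missing. The function name missing_members and the two sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: detect an incompletely cached group entry.

# missing_members GETENT_LINE EXPECTED_CSV
# Prints the expected members that are absent from the cached entry
# (comma-separated) and returns non-zero if any are missing.
missing_members() {
    line=$1
    expected=$2
    # getent group format: name:passwd:gid:member1,member2,...
    cached=${line##*:}      # member field; empty when no members are cached
    missing=
    old_ifs=$IFS
    IFS=,
    for user in $expected; do
        # Wrap both sides in commas so "mick" never matches "mickey".
        case ",$cached," in
            *",$user,"*) ;;
            *) missing="${missing:+$missing,}$user" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample lines: a cache holding only the logged-in user,
# and the complete entry shown in step 7 above.
INCOMPLETE='mice:*:239400010:mickey'
COMPLETE='mice:*:239400010:mickey,minnie'

missing_members "$INCOMPLETE" "mickey,minnie" || echo "cache incomplete"
missing_members "$COMPLETE" "mickey,minnie" && echo "cache complete"
```

On a live client the first argument would be the output of `getent group mice` taken right after the login in step 6, with the expected list taken from the server's "Member users" field.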

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0975.html