On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose <sbose@redhat.com> wrote:
On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote:
> I have 300 out of 3000 users whose /home/<username> dir shows uid and gid
> instead of username and groupname.
>
> It seems to be behaving like a bug
>
> As soon I become a user with `sudo su - username' the uid of the home dir
> changes to username but gid still does not change to groupname.
>
> I also get an error message, but still successfully become that user
>
> $ ls -ld /home/mbniels
> drwx------. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels
>
> $ su - mbniels
> Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39
> /usr/bin/id: cannot find name for group ID 80974
> groups: cannot find name for group ID 80974
>
> $ ls -ld /home/mbniels
> drwx------. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels
>
> Then to check the groups of username I get another error which then gets
> cleared by next command.
>
> $ groups mbniels
> mbniels : groups: cannot find name for group ID 80974
> 80974 users
>
> $ getent group mbniels
> mbniels:*:80974
>
> $ groups mbniels
> mbniels : mbniels users
>
> It also fixes the gid to groupname
>
> $ ls -ld /home/mbniels/
> drwx------. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/
>
> I noticed it reverts after may be within half an hour, not exact sure when.
> Almost behaves like `quantum entanglement'.
> As soon as I try to check by trying to become that user the issue
> disappears.
>
> This is not just cosmetic issue, when the home dir shows ownership with
> uid, instead of username, the user fails some commands.
>
> We just started noticing today, since we just built this box and only few
> months ago and users are being invited to start using this server
>
> Some annoying error it is showing like below and user then fails to ssh
>
>      $ ssh remote
>         No user exists for uid 80974
>
> I am using centos 7 and  sssd 1.15.2
>
> $ cat /etc/redhat-release
> CentOS Linux release 7.4.1708 (Core)
>
> $ sssd --version
> 1.15.2
>
> Here are some relevant logs
> https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA

It looks like you are not using a plain RFC2307bis LDAP schema. Can you
send you sssd.conf and a typical LDAP user and group object?

bye,
Sumit


Here is an ldap user and I using same info as group (sanitized)

 dn: uid=mbniels,ou=People,dc=example,dc=com
roomNumber: 123456
departmentNumber: 3.11.3
tier1: Technology
joblevel: 6
legacycompany: G
mobile: +11234567890
manager: uid=managerid,ou=People,dc=example,dc=com
departmentname: TESTING & INTEG
costcenter: S0019751
companynumber: S001
companyname: EXAMPLE COMPANY
displayName: FOO, BAR
preferredname: Mark
docshareaccess: TRUE
sAMAccountName: mbniels
l: XX
street: 123 example ave
saploginid: foobar
title: LEAD ARCHITECT
postalCode: 123456
employeeNumber: 00112233
mail: foo.bar@example.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: mnetPerson
mnetid: 080974
uid: mbniels
givenName: Mark
st: XX
cn: Foo Bar
sn: Bar
employeeType: Management
initials: X
nationnumber: USA
nationname: United States


>
> Appreciate any help
>
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org



--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?