On Thu, Aug 01, 2013 at 04:30:08PM +0000, Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:
Thanks very much Sumit. What debug level would you recommend ?
the highest, 9 or 0xFFF0
And in which section....the domain specific section or nss or pam or all three ?
the domain and nss section, pam is not needed here.
bye, Sumit
Al Licause HP L2 UNIX Network Services HP Customer Support Center Hours 7am-3pm Pacific time USA Manager: tom.cernilli@hp.com
-----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Sumit Bose Sent: Thursday, August 01, 2013 9:21 AM To: sssd-users@lists.fedorahosted.org Subject: Re: [SSSD-users] ls not displaying group names...only gid's...using sssd
On Thu, Aug 01, 2013 at 03:58:49PM +0000, Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:
I am working with a customer running RHEL V6.4. They are using ldap for authentication. No problem authenticating a users login but the gids are not consistantly being translated to group names when running id,ls -l or other commands that display the group information. They are using sssd with caching enabled.
They are using encrypted communications between the client and server but at my request they switched to unencrypted (port 389) so we could capture a tcpdump. The dump was taken for an ls -l command and it does show two differnt gid's sent to the ldap server and the correct group names are being returned.
However, the ls command only shows the gid values and not the names.
They mentioned that if they run getent group groupname, sssd will cache that information for a while until the entry times out and then the group names are no longer displayed.
so 'id' or 'ls -l' display the names for some time and then only the numbers are displayed?
Please add the debug_level option to sssd.conf, see man sssd.conf for details. The higher the level the better. The most interesting log files here are /var/log/sssd/sssd_nss.log and /var/log/sssd/sssd_DOMAIN.log. Fell free to send them to me directly if you need some help debugging.
bye, Sumit
I am not sure how to further debug this and cannot explain why when the ldap server returns the correct group names, it is not being displayed by the host commands.
Can anyone suggest some other techniques to find out where the group names are being dropped ?
Any help greatly appreciated.
Al Licause
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users