Stopping nscd did not change anything. "groups username" still shows user as member of Administrators.
On Fri, Feb 24, 2017 at 9:50 AM, Mark Coetser mark@pkfnet.co.za wrote:
stop nscd and check again.
-- Thank you,
Mark Adrian Coetser mark@pkfnet.co.za
... bleakness ... desolation ... plastic forks ...
On 24/02/2017 16:40, Bernard Fay wrote:
On Fri, Feb 24, 2017 at 9:12 AM, Michael Wandel <m.wandel@t-online.de> wrote:
On 24.02.2017 14:55, Bernard Fay wrote:
> Hi,
>
> I removed a user from an LDAP group about a week ago. Today, this user
> still shows as member of the group with the Linux command groups. Also,
> the group (Administrators) appears twice in the output of the command id:
> uid=10000(username) gid=10000(Administrators)
> groups=10001(users),10005(devel),10011(video),10015(ansible),10000(Administrators)
>

Can you please let us know about your nss configuration /etc/nsswitch.conf . IMHO it looks ok that the administrators is the primary group and also in the groups enumeration.

> The command getent though shows the proper group assignation:
> getent group | grep username | cut -d: -f1
> users
> devel
> video
> ansible
>
> All of those groups are LDAP groups.
>
> Does someone know why and would know how to fix this?

You can't find primary groups for a user with your command, grepping through "getent group". In modern systems aka sssd it is not a good idea, because enumeration is by default set to false.

]# grep -Ev "^#|^$" /etc/nsswitch.conf
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus

The user has been removed from the groups Administrators so it should not show.
I do not use sssd as our LDAP is not secured so I use nscd. This LDAP is confined to a lab.
Thanks,
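
Added example, not part of the thread: the point in Michael Wandel's reply that a primary group cannot be found by grepping `getent group`, worked through in Python. The passwd and group entries are constructed sample data that reuse the names and IDs from the quoted `id` output; the function names are hypothetical.

```python
# Constructed sample data in `getent passwd` / `getent group` format, reusing
# the names and IDs from the `id` output quoted in the thread (assumption:
# the user's passwd entry carries gid 10000, as that output shows).
PASSWD = "username:x:10000:10000:Example User:/home/username:/bin/bash\n"
GROUP = """\
Administrators:x:10000:
users:x:10001:username
devel:x:10005:username,other
video:x:10011:username
ansible:x:10015:username
"""

def parse_passwd(text):
    """Map user name -> primary gid (4th field of a passwd entry)."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[3].isdigit():
            users[fields[0]] = int(fields[3])
    return users

def parse_group(text):
    """Map gid -> (group name, set of explicitly listed members)."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[2].isdigit():
            members = {m for m in fields[3].split(",") if m}
            groups[int(fields[2])] = (fields[0], members)
    return groups

def membership(user, passwd_text=PASSWD, group_text=GROUP):
    """Return (primary group name, sorted groups whose member list names the user)."""
    gid = parse_passwd(passwd_text)[user]
    groups = parse_group(group_text)
    primary = groups.get(gid, (str(gid), set()))[0]
    listed = sorted(name for name, members in groups.values() if user in members)
    return primary, listed

def primary_only(user, passwd_text=PASSWD, group_text=GROUP):
    """True when the primary group is held only through the passwd gid field."""
    primary, listed = membership(user, passwd_text, group_text)
    return primary not in listed

if __name__ == "__main__":
    print(membership("username"), primary_only("username"))
```

When auditing a group removal, a `primary_only` result of true means the membership comes from the gid field of the user's passwd entry rather than from the group's member list.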