On 24.02.2017 15:56, Bernard Fay wrote:
Stopping nscd did not change anything. "groups username"
user as member of Administrators.
Please can you make an ldapsearch for the object username and the output
from getent passwd username.
On Fri, Feb 24, 2017 at 9:50 AM, Mark Coetser <mark(a)pkfnet.co.za
Stop nscd and check again.
Mark Adrian Coetser
... bleakness ... desolation ... plastic forks ...
On 24/02/2017 16:40, Bernard Fay wrote:
On Fri, Feb 24, 2017 at 9:12 AM, Michael Wandel
On 24.02.2017 14:55, Bernard Fay wrote:
> I removed a user from an LDAP group about a week ago. Today, this user
> still shows as member of the group with the Linux command
> the group (Administrators) appears twice in the output of the command id:
> uid=10000(username) gid=10000(Administrators)
Can you please let us know about your nss configuration
/etc/nsswitch.conf. IMHO it looks ok that the administrators is the
primary group and also in the groups enumeration.
> The command getent though shows the proper group assignation:
> getent group | grep username | cut -d: -f1
> All of those groups are LDAP groups.
> Does someone know why and would know how to fix this?
You can't find primary groups for a user with your command,
through "getent group". In modern systems aka sssd it is not
idea, because enumeration is by default set to false.
]# grep -Ev "^\#|^$" /etc/nsswitch.conf
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
services: files sss
netgroup: files sss ldap
automount: files ldap
aliases: files nisplus
The user has been removed from the groups Administrators so it
I do not use sssd as our LDAP is not secured so I use nscd.
is confined a lab.
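
Added example (not part of the original thread or any poster's code): it shows why "getent group | grep username" misses the primary group, and how to compare two views of the group database to spot a membership that should have gone away. All passwd and group entries below are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data in getent(1) output format (not from the thread).
PASSWD_SAMPLE='username:x:10000:10000:Sample User:/home/username:/bin/bash'
# Hypothetical stale view: the member list still names the user.
GROUP_STALE='Administrators:x:10000:username
Developers:x:10001:username,alice
Users:x:10003:alice,myusername'
# Hypothetical current view: user removed from the Administrators member list.
GROUP_CURRENT='Administrators:x:10000:
Developers:x:10001:username,alice
Users:x:10003:alice,myusername'

# Groups whose member list (field 4) names the user exactly.
# A plain "grep username" would also hit substrings such as myusername.
supplementary_groups() {   # $1=user  $2=group database text
    printf '%s\n' "$2" | awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }'
}

# Primary group: gid in field 4 of the passwd entry, resolved to a name.
primary_group() {          # $1=user  $2=passwd text  $3=group text
    gid=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $4; exit }')
    printf '%s\n' "$3" | awk -F: -v g="$gid" '$3 == g { print $1; exit }'
}

# Primary group plus member-list groups, de-duplicated.
effective_groups() {       # $1=user  $2=passwd text  $3=group text
    { primary_group "$1" "$2" "$3"; supplementary_groups "$1" "$3"; } | sort -u
}

# Groups naming the user in view A but not in view B.
stale_memberships() {      # $1=user  $2=group text A  $3=group text B
    supplementary_groups "$1" "$2" | while read -r g; do
        supplementary_groups "$1" "$3" | grep -qxF "$g" || printf '%s\n' "$g"
    done
}

echo "member-list groups: $(supplementary_groups username "$GROUP_CURRENT" | tr '\n' ' ')"
echo "effective groups:   $(effective_groups username "$PASSWD_SAMPLE" "$GROUP_CURRENT" | tr '\n' ' ')"
echo "stale memberships:  $(stale_memberships username "$GROUP_STALE" "$GROUP_CURRENT" | tr '\n' ' ')"
```

With the sample data, Administrators stays in the effective groups even after the user is removed from its member list, because it is still the primary gid in the passwd entry. On a live host the passwd text would come from getent passwd username and the group text from getent group, which, as noted in the thread, can be empty under sssd because enumeration is off by default.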