Re: cannot find name for group ID on all groups
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: cannot find name for group ID on all groups
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Tom Farrow <tom.farrow [at] first-utility.com>, nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: cannot find name for group ID on all groups
- Date: Mon, 05 Mar 2018 18:43:31 +0100
On Mon, 2018-03-05 at 16:27 +0000, Tom Farrow wrote:
> Everything is working as expected, apart from groups:
> $ groups tfarrow
> tfarrow : users groups: cannot find name for group ID 1708
> 1708 groups: cannot find name for group ID 1686
> 1686 groups: cannot find name for group ID 2894
> 2894 groups: cannot find name for group ID 1689
> 1689 groups: cannot find name for group ID 1836
> 1836 groups: cannot find name for group ID 2913
> 2913 groups: cannot find name for group ID 1376
> 1376 groups: cannot find name for group ID 1393
> 1393 groups: cannot find name for group ID 1878
It looks like the group ID to group entity lookups do not work. This
means that these probably also fail:
getent group 1708
There could be several causes for this but in general running nslcd in
debugging mode (nslcd -d) should show what it is doing and which LDAP
queries are performed.
Also, nscd can end up caching certain lookups so for debugging purposes
it is generally better to stop it or run nscd -i passwd;nscd -i group
before any tests.
> getent group shows there to be not much of a problem.
getent group GROUPNAME
getent group GROUPID
getent group
all result in different searches to be performed. It seems the second
search fails for some reason.
> Am I missing some piece of configuration? nsswitch.conf looks like
> this:
>
> passwd: compat ldap
> group: files ldap
> shadow: compat ldap
> gshadow: files ldap
Unless you use netgroups in general it is better to use files over
compat because it is a little simpler (but shouldn't cause problems in
this case unless you have entries start with + in /etc/passwd).
So debug output from nslcd may help as well as your attribute mapping
configuration in nslcd.conf.
Kind regards,
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/
