KB-0168: groups are not interpreted on 'id -a' command
Authentication Service
,
Show Properties
Hide Properties
|
10/28/2013 12:50 PM |
|
12/1/2017 12:57 AM |
|
4/12/2016 11:24 AM |
|
Article Audience |
|
Products |
Authentication Service
|
Operating Systems |
All
|
Service |
Centrify Infrastructure Services
|
|
|
|
|
000003431 |
|
KB-0168: groups are not interpreted on 'id -a' command |
|
Problem:
When logged in as AD User and executing:
id -a
OR
id -a ADuser
as root user, the ADUser's secondary groups are not interpreted, just the gids are displayed.
Example: uid=100(Ian) gid=1000(admin), groups=2000,301,1002
The centrifydc.log tells in that case that there are a lot of disconnects while ldap searches against the Windows DC.
Resolution:
This issue can be solved by editing the /etc/centrify/centrifydc.conf file. Open the /etc/centrify/centrifydc.conf in an editor and look for
adclient.fetch.object.count=100
and set it to a lower value eg. 5 and re-start centrifydc.
Execute the above command again. Now values should be displayed correctly.
The example above should show up like:
uid=100(Ian) gid=1000(admin), groups=2000(sup),301(prod),1002(doc)