From 4744b72f68b889e35b3b2c017b115d35a9fe9600 Mon Sep 17 00:00:00 2001 From: Konrad Bucheli Date: Mon, 23 Sep 2024 11:35:14 +0200 Subject: [PATCH] eaccounts also within --- admin-guide/configuration/eaccounts.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/admin-guide/configuration/eaccounts.md b/admin-guide/configuration/eaccounts.md index 15f5ddbd..42ff58d0 100644 --- a/admin-guide/configuration/eaccounts.md +++ b/admin-guide/configuration/eaccounts.md @@ -52,16 +52,16 @@ The way this has been solved causes problems with group member lookups with eacc Without eaccounts only normal users are found as part of the group (which is correct): ``` -[root@lxdev04 ~]# getent group p21996 -p21996:*:21996:dorigo_a,cirelli_c +[root@lxdev04 ~]# getent group SARESA +SARESA:*:35184:babic_a,ebner,kapeller,...,huppert_m,carulla_m,schoel_m [root@lxdev04 ~]# ``` but with eaccounts enabled only the eaccount members are listed: ``` -[root@lxdev01 ~]# getent group p21996 -p21996:*:21996:e21996 -[root@lxdev01 ~]# +[root@lxdev01 ~]# getent group SARESA +SARESA:*:35184:e21996,e21997,e21992,...,e17806,e17589,gac-alvra +[root@lxdev01 ~]# ``` If for a system this is a problem, and at the same time there is no need for ignoring `override_homedir`, you may enable the eaccounts with @@ -71,11 +71,12 @@ aaa::enable_eaccounts: true aaa::enable_eaccounts::ignore_override_homedir: false ``` - - - - - +then you get both type of members: +``` +[root@lxdev07 ~]# getent group SARESA +SARESA:*:35184:e21996,...,e17589,ext-kapetanaki_s,...,ext-tyrala_k +[root@lxdev07 ~]# +``` There is a [open case](https://access.redhat.com/support/cases/#/case/03912615) at RedHat on how to deal best with this problem.