Red Hat Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

  • Comments

    • continuous PartialGroupNameException with SSSD authentication

    Posted on

    We are using SSSD for AD integration in a Hadoop cluster and getting continuous PartialGroupNameException for a specific account.

    Below is the sample error snippet.

    ++++++++++++++++++++

    WARN org.apache.hadoop.security.ShellBasedUnixGroupsMapping: unable to return groups for user -SERV-CHEF-COM-JOIN
    PartialGroupNameException The user name '-SERV-CHEF-COM-JOIN' is not found. id: invalid option -- 'S'
    Try 'id --help' for more information.
    Try 'id --help' for more information.
    id: invalid option -- 'S'
    Try 'id --help' for more information.
    at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:212)
    at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:133)
    at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:72)
    at org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:368)
    at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:309)
    at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:267)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
    at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
    at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
    at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3969)
    at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4829)
    at org.apache.hadoop.security.Groups.getGroups(Groups.java:225)
    at org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1778)
    at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1766)
    at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.(FSPermissionChecker.java:66)
    at org.apache.hadoop.hdfs.server.namenode.FSDirectory.getPermissionChecker(FSDirectory.java:3468)
    at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getPermissionChecker(FSNamesystem.java:4079)
    at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getFileInfo(FSNamesystem.java:4269)
    at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.getFileInfo(NameNodeRpcServer.java:901)
    at org.apache.hadoop.hdfs.server.namenode.AuthorizationProviderProxyClientProtocol.getFileInfo(AuthorizationProviderProxyClientProtocol.java:528)
    at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.getFileInfo(ClientNamenodeProtocolServerSideTranslatorPB.java:839)
    at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
    at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:617)
    at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1073)
    at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2216)
    at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2212)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:415)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1920)
    at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2210)

    +++++++++++++++++++++++++++++

    Below error is logged in sssd logs.

    [sssd[nss]] [sss_mc_find_record] (0x0010): Corrupted fastcache. name_ptr value is 16.

    I have below parameter set in my SSSD config.

    +++
    override_space = _
    +++

    +++

    sssd --version

    1.15.2
    +++

    Man page for SSSD states the following,

    +++++
    override_space (string)

    This parameter will replace spaces (space bar) with the given character for user and group names.
    e.g. (_). User name "john doe" will be "john_doe" This feature was added to help compatibility with
    shell scripts that have difficulty handling spaces, due to the default field separator in the shell.

    Please note it is a configuration error to use a replacement character that might be used in user or group names.
    If a name contains the replacement character SSSD tries to return the unmodified name but in general the result of
    a lookup is undefined.

    Default: not set (spaces will not be replaced)
    +++++

    Are my error and the config settings related?

    by

    points

    Responses

    Red Hat LinkedIn YouTube Facebook X, formerly Twitter

    Quick Links

    Help

    Site Info

    Related Sites

    © 2026 Red Hat