IPA: HBAC doesn't honour primary group membership for IPA user
Issue
- IPA: HBAC doesn't honor primary group membership for IPA user causing
ipa hbactest
and user login to fail.
# ipa hbactest --user=testuser --host=`hostname` --service=sshd
---------------------
Access granted: False
---------------------
Not matched rules: testhbac
# id testuser
uid=1767400004(testuser) gid=1767400003(testgroup) groups=1767400003(testgroup) <---- Group is visible
# getent group testgroup
testgroup:*:1767400003: <---- Empty Output
# ipa group-show testgroup
Group name: testgroup
GID: 1767400003
Member of HBAC rule: testhbac
# ipa hbacrule-show testhbac
Rule name: testhbac
Enabled: TRUE
User Groups: testgroup
Host Groups: testhostgroup
Services: sshd
Environment
- Red Hat Enterprise Linux 7.6
- ipa-server-4.6.4-10.el7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.