I need to assign a secondary group membership to a user on a client machine running 10.7.4. In CLI
edit3:~ admin$ sudo su -
edit3:etc root# dseditgroup -o edit -a userA -t user QC
edit3:etc root# dseditgroup -o edit -a userB -t user QC
edit3:etc root# dsmemberutil checkmembership -U userA -G QC
user is a member of the group
edit3:etc root# dsmemberutil checkmembership -U userB -G QC
user is a member of the group
When userA or userB logs in to my Isilon cluster, he is denied access (does not have QC privileges)
So I try this:
edit3:~ root# cd /etc/
edit3:etc root# dscl . append /Groups/QC GroupMembership userA
edit3:etc root# dscl . append /Groups/QC GroupMembership userB
edit3:etc root# dsmemberutil checkmembership -U userA -G QC
user is a member of the group
edit3:etc root# dsmemberutil checkmembership -U userB -G QC
user is a member of the group
Again, users denied access.
Getting more details:
edit3:~ root# dscacheutil -q group | grep QC -B 10 -A 10
name: groupX
password:
gid: 1009
name: QC
password:
gid: 1021
users: scook dfarley
name: groupZ
password:
gid: 1012
Funny that QC group lists members with secondary membership but no primaries listed in any group (except system groups)
Again digging for more info:
edit3:~ root# dscl . readall /users | grep Secondary -B 10 -A 10
edit3:~ root#
Questions:
Why is the system not presenting a secondary group membership correctly, since we verified that userA and userB do in fact belong to QC group?
Can I list secondary membership along with primary membership?
Doing the exact same steps on another client running the same version of the OS works. I've done the reboots, following changes. I then reinstalled a clean OS, and repeated the entire cycle, twice. Still no joy.
Anybody?
Best Answer
Superficial answer but perhaps it may help:
tells me that this command is deprecated, and I should be using
or
I then get the list of groups that I belong to in its entirety.
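On the question of listing secondary membership along with primary membership, this added example (not part of the original thread) derives both from `dscacheutil` record dumps. The names `sample_dump` and `list_memberships` are hypothetical, and the sample records are constructed, with the user records trimmed to the name, uid and gid fields of `dscacheutil -q user`.

```shell
# Constructed sample: two user records followed by three group records.
sample_dump() {
cat <<'EOF'
name: userA
uid: 501
gid: 20

name: userC
uid: 503
gid: 20

name: staff
password: *
gid: 20
users: root

name: QC
password: *
gid: 1021
users: userA userB

name: groupZ
password: *
gid: 1012
EOF
}

# list_memberships USER: reads user and group records on stdin, prints
# "primary GID NAME", then one "secondary GID NAME" line per extra group.
list_memberships() {
  awk -v u="$1" '
    # A "name:" line starts a record; a record carrying a uid is a user.
    function commit() {
      if (name == "") return
      if (uid != "") { if (name == u) pgid = gid }
      else { order[++n] = gid; gname[gid] = name; mem[gid] = " " users " " }
      name = ""; gid = ""; uid = ""; users = ""
    }
    /^name: /  { commit(); name = substr($0, 7); next }
    /^uid: /   { uid = $2; next }
    /^gid: /   { gid = $2; next }
    /^users: / { users = substr($0, 8); next }
    END {
      commit()
      if (pgid == "") { print "no user record for " u > "/dev/stderr"; exit 1 }
      print "primary", pgid, ((pgid in gname) ? gname[pgid] : "?")
      for (i = 1; i <= n; i++) { g = order[i]
        if (g != pgid && index(mem[g], " " u " ")) print "secondary", g, gname[g] }
    }'
}
```

On a client, feed it live data with `{ dscacheutil -q user; dscacheutil -q group; } | list_memberships userA`. The primary group comes from the user record's gid, which is why it never appears in a group's `users:` line.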