Bug #16392
open
Admin group membership is lost on secondary after changes to user
Added by Dean Chang 16 days ago.
Updated 14 days ago.
Category:
High Availability
Affected Plus Version:
25.07.1
Affected Architecture:
All
Description
This affects the synchronization of users an a ha primary/secondary pair.
There is an existing user which is a member of the builtin admin group. On the primary, when I change the name, ssh key or set the disable flag, the user is removed from the admin group on the secondary system. When I edit the same user on the primary again, the user is added back to the admin group on the secondary automatically.
- Category changed from User Manager / Privileges to High Availability
- Status changed from New to Assigned
- Assignee set to Reid Linnemann
This looks like a goofy application of the 'synchronize admin accounts' option in the HA config. With this disabled, the behavior you noted exists, and it appears to me that the behavior goes away with it enabled. However, that knob should only control whether specifically the admin user is synchronized between the hosts. admin group membership should always be synchronized. Regardless if that's what is actually happening, I'll have a fix for this shortly, and we'll add it to the System Patches.
I did some more testing and my theory about the admin sync knob is incorrect. There's some interesting behavior where sometimes the admin group is synced and sometimes it isn't, and I believe this is related as when the group is not synced that is when the user is not attached to the admin group on the secondary.
I found it, there's a bug in the account and group sync that doesn't properly account for a user being modified and does not restore its group memberships.
That's great to hear, thank you very much for looking into this!
- Status changed from Assigned to Feedback
- Target version set to 25.11
This is fixed in CE change 7d545332, I'm also merging it to Plus for 25.11 and the fix will be made available in the system patches as well.
reproduced on 25.07.1
latest Plus Dev has it fixed
tested on:
25.11-DEVELOPMENT (amd64)
built on Fri Aug 29 1:56:00 UTC 2025
FreeBSD 15.0-PRERELEASE
Please add patch link/id when available
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by