Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1477106 Details for
Bug 1514061
ID override GID from Default Trust View is not properly resolved in case domain resolution order is set
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Logs of manual verification
ID override GID from Default Trust View is not properly resolved in case domain resolution order is set.txt (text/plain), 4.27 KB, created by
Ganna Kaihorodova
on 2018-08-20 09:07:04 UTC
(
hide
)
Description:
Logs of manual verification
Filename:
MIME Type:
Creator:
Ganna Kaihorodova
Created:
2018-08-20 09:07:04 UTC
Size:
4.27 KB
patch
obsolete
>[root@hp-dl380pgen8-02-vm-14 ~]# ipa trust-find >--------------- >1 trust matched >--------------- > Realm name: ipaad2016.test > Domain NetBIOS name: IPAAD2016 > Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681 > Trust type: Active Directory domain >---------------------------- >Number of entries returned 1 >---------------------------- >[root@hp-dl380pgen8-02-vm-14 ~]# ipa group-add --desc='ipaad2016.test admins external map' ad_admins_external --external >-------------------------------- >Added group "ad_admins_external" >-------------------------------- > Group name: ad_admins_external > Description: ipaad2016.test admins external map >[root@hp-dl380pgen8-02-vm-14 ~]# ipa group-add --desc='ipaad2016.test admins' ad_admins >----------------------- >Added group "ad_admins" >----------------------- > Group name: ad_admins > Description: ipaad2016.test admins > GID: 1451600005 >[root@hp-dl380pgen8-02-vm-14 ~]# ipa group-add-member ad_admins_external --external 'ipaad2016.test\Domain Admins' >[member user]: >[member group]: > Group name: ad_admins_external > Description: ipaad2016.test admins external map > External member: S-1-5-21-813110839-3732285123-1597101681-512 >------------------------- >Number of members added 1 >------------------------- >[root@hp-dl380pgen8-02-vm-14 ~]# id aduser@ipaad2016.test >uid=1577608158(aduser@ipaad2016.test) gid=1577608156 groups=1577608156,1577600513(domain users@ipaad2016.test),1577600512(domain admins@ipaad2016.test) >[root@hp-dl380pgen8-02-vm-14 ~]# ipa idoverrideuser-add 'Default Trust View' aduser@ipaad2016.test --gidnumber=1451600005 >---------------------------------------------- >Added User ID override "aduser@ipaad2016.test" >---------------------------------------------- > Anchor to override: aduser@ipaad2016.test > GID: 1451600005 >[root@hp-dl380pgen8-02-vm-14 ~]# systemctl stop sssd; rm -rf /var/lib/sss/{db,mc}/* /var/log/sssd/*; systemctl start sssd >[root@hp-dl380pgen8-02-vm-14 ~]# id aduser@ipaad2016.test >uid=1577608158(aduser@ipaad2016.test) gid=1451600005(ad_admins@lab.bos.redhat.com) groups=1451600005(ad_admins@lab.bos.redhat.com),1577600512(domain admins@ipaad2016.test),1577600513(domain users@ipaad2016.test),1577608156(ad_admins@ipaad2016.test) >[root@hp-dl380pgen8-02-vm-14 ~]# ipa config-mod --domain-resolution-order=ipaad2016.test:lab.bos.redhat.com > Maximum username length: 32 > Home directory base: /home > Default shell: /bin/sh > Default users group: ipausers > Default e-mail domain: lab.bos.redhat.com > Search time limit: 2 > Search size limit: 100 > User search fields: uid,givenname,sn,telephonenumber,ou,title > Group search fields: cn,description > Enable migration mode: FALSE > Certificate Subject base: O=LAB.BOS.REDHAT.COM > Password Expiration Notification (days): 4 > Password plugin features: AllowNThash, KDC:Disable Last Success > SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 > Default SELinux user: unconfined_u:s0-s0:c0.c1023 > Default PAC types: MS-PAC, nfs:NONE > IPA masters: hp-dl380pgen8-02-vm-14.lab.bos.redhat.com > IPA CA servers: hp-dl380pgen8-02-vm-14.lab.bos.redhat.com > IPA NTP servers: hp-dl380pgen8-02-vm-14.lab.bos.redhat.com > IPA CA renewal master: hp-dl380pgen8-02-vm-14.lab.bos.redhat.com > IPA master capable of PKINIT: hp-dl380pgen8-02-vm-14.lab.bos.redhat.com > Domain resolution order: ipaad2016.test:lab.bos.redhat.com >[root@hp-dl380pgen8-02-vm-14 ~]# id aduser@ipaad2016.test >uid=1577608158(aduser@ipaad2016.test) gid=1451600005(ad_admins@lab.bos.redhat.com) groups=1451600005(ad_admins@lab.bos.redhat.com),1577600512(domain admins@ipaad2016.test),1577600513(domain users@ipaad2016.test),1577608156(ad_admins@ipaad2016.test) >[root@hp-dl380pgen8-02-vm-14 ~]# systemctl stop sssd; rm -rf /var/lib/sss/{db,mc}/* /var/log/sssd/*; systemctl start sssd >[root@hp-dl380pgen8-02-vm-14 ~]# id aduser >uid=1577608158(aduser@ipaad2016.test) gid=1451600005(ad_admins@lab.bos.redhat.com) groups=1451600005(ad_admins@lab.bos.redhat.com),1577600512(domain admins@ipaad2016.test),1577600513(domain users@ipaad2016.test),1577608156(ad_admins@ipaad2016.test) >[root@hp-dl380pgen8-02-vm-14 ~]# cat /etc/redhat-release >Red Hat Enterprise Linux Server release 7.6 Beta (Maipo) >[root@hp-dl380pgen8-02-vm-14 ~]# rpm -q ipa-server sssd >ipa-server-4.6.4-5.el7.x86_64 >sssd-1.16.2-12.el7.x86_64 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1477106">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1514061
: 1477106