Bug 1038637

Summary: If SSSD starts offline, subdomains list is never read.
Product: Red Hat Enterprise Linux 7
Reporter: Dmitri Pal <dpal>
Component: sssd
Assignee: Jakub Hrozek <jhrozek>
Status: CLOSED CURRENTRELEASE
QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified
Priority: unspecified
Version: 7.0
CC: grajaiya, jagee, jgalipea, lslebodn, mkosek, pbrezina
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: sssd-1.11.2-18.el7
Doc Type: Bug Fix
Last Closed: 2014-06-13 11:50:48 UTC

Description Dmitri Pal 2013-12-05 14:32:24 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2168

If the Data Provider was unable to refresh the subdomain list, the sss_domain_info->subdomains list was NULL, which meant that no DP request matched any known domain and hence offline authentication was not working correctly.

Comment 1 Jakub Hrozek 2013-12-09 21:39:41 UTC
Pushed upstream:
    master: 2b4b6b829f197493b4901bec96fefaadbc7a2464
    sssd-1-11: 3405f6cff7ba3ccab8bbc2e0d043d28ae021fcb9

Comment 3 Jakub Hrozek 2013-12-20 09:05:01 UTC
More fixes from upstream landed in sssd-1.11.2-18.el7

Comment 4 Jeremy Agee 2014-02-26 12:50:29 UTC
Verified where offline creds are first created and iptables blocks access to the AD. sssd is then restarted and logins still succeed.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ad_forest_auth_6: bz1038637 If SSSD starts offline, subdomains list is never read
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'su_success enterprise_user_dom1 Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_success enterprise_user_dom2 Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_success enterprise_user_dom3.com Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_success enterprise_user_dom1 Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_success enterprise_user_dom2 Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_success enterprise_user_dom3.com Secret123' (Expected 0, got 0)
:: [   PASS   ] :: File '/var/log/sssd/sssd_sssdad.com.log' should contain '\[get_subdomains_callback\] (0x0400): Backend returned: (1, 11, <NULL>) \[Provider is Offline' 
:: [   LOG    ] :: Duration: 30s
:: [   LOG    ] :: Assertions: 7 good, 0 bad
:: [   PASS   ] :: RESULT: ad_forest_auth_6: bz1038637 If SSSD starts offline, subdomains list is never read

Comment 5 Ludek Smid 2014-06-13 11:50:48 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.