Bug 1053106
Summary: | sssd ad trusted sub domain do not inherit fallbacks and overrides settings | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jeremy Agee <jagee> |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.0 | CC: | grajaiya, jgalipea, jhrozek, kbanerje, lslebodn, mkosek, pbrezina, preichl |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.11.2-27.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 09:49:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jeremy Agee
2014-01-14 17:00:35 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/2196 Pushed upstream. master: c373732505c9a73a9a8b17533dafc618c95ea331 d57529a867940e83ed27f8c2326bde7f07db7b9a sssd-1-11: 156bbc97b3ebb8df42b658b8ab04c00f0d312eec 654fa152629cf93d6681d138eb806247fca4d9ae Tested the override setting in the domain section with sssd-1.11.2-27.el7 and looks like its fixed. [domain/sssdad.com] default_shell = /bin/bash override_homedir = /home/%d/%u administrator:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash administrator.com:*:1184400500:1184400500:Administrator:/home/child1.sssdad.com/administrator:/bin/bash administrator:*:525400500:525400500:Administrator:/home/sssdad_tree.com/administrator:/bin/bash override_homedir = /home/%f administrator:*:498200500:498200513:Administrator:/home/administrator:/bin/bash administrator.com:*:1184400500:1184400500:Administrator:/home/administrator.com:/bin/bash administrator:*:525400500:525400500:Administrator:/home/administrator:/bin/bash I did see one small odd item. After removing the override and just leaving fallback_homedir in the [nss] section this showed up This one looks ok. [nss] fallback_homedir = /home/%d/%u administrator:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash administrator.com:*:1184400500:1184400500:Administrator:/home/child1.sssdad.com/administrator:/bin/bash administrator:*:525400500:525400500:Administrator:/home/sssdad_tree.com/administrator:/bin/bash But this setting seems to not quite follow the expected behavior. The subdomains still do have the /home/%d/%u format even though fallback_homedir = /home/%f is in use. administrator:*:498200500:498200513:Administrator:/home/administrator:/bin/bash administrator.com:*:1184400500:1184400500:Administrator:/home/child1.sssdad.com/administrator:/bin/bash administrator:*:525400500:525400500:Administrator:/home/sssdad_tree.com/administrator:/bin/bash If fallback_homedir is used in the domain section the same thing happens as the nss section. I could be misunderstanding the man pages, but it does not read like the fallback_homedir options is to be used in the domain section. If it is invalid this last part may not be an issue but ill need to make sure realmd is not writing in sssd.conf by default. Jeremy, I think you stumbled upon the same mistake we realized on the devel list..currently the default for subdomain_homedir is always set even if the option is omitted from the config file. What we agreed on is to only make the subdomain_homedir work in the case of IPA trusts and adjust documentation accordingly. Changing the subdomain_homedir default is not an option as the configurations that might rely on existing default are already out there.. We'll prepare a new fix. Verified in version 1.11.2-29.el7 Output from beaker automation run: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ad_forest_05: bz 1053106 subdomain do not inherit fallbacks and overrides settings :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /home/sssdad.com/user1_dom1 :: [ PASS ] :: Running 'getent passwd user1_dom1 | awk -F: '{print $6}' | grep '/home/sssdad.com/user1_dom1'' (Expected 0, got 0) /home/sssdad_tree.com/user1_dom2 :: [ PASS ] :: Running 'getent passwd user1_dom2 | awk -F: '{print $6}' | grep '/home/sssdad_tree.com/user1_dom2'' (Expected 0, got 0) /home/child1.sssdad.com/user1_dom3 :: [ PASS ] :: Running 'getent passwd user1_dom3.com | awk -F: '{print $6}' | grep '/home/child1.sssdad.com/user1_dom3'' (Expected 0, got 0) This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |