Bug 1163806
| Summary: | [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
| Component: | sssd | Assignee: | Pavel Reichl <preichl> |
| Status: | CLOSED ERRATA | QA Contact: | Dan Lavu <dlavu> |
| Severity: | medium | Docs Contact: | Milan Navratil <mnavrati> |
| Priority: | unspecified | ||
| Version: | 7.1 | CC: | ahoness, amarirom, cww, dlavu, grajaiya, jgalipea, jhrozek, kbanerje, lslebodn, mkosek, mnavrati, mzidek, pbrezina, preichl, savsingh, sssd-maint |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | Flags: | dlavu:
needinfo-
|
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.13.0-0.1.alpha.el7 | Doc Type: | Release Note |
| Doc Text: |
SSSD supports overriding automatically discovered AD site
The Active Directory (AD) DNS site to which the client connects is discovered automatically by default. However, the default automatic search might not discover the most suitable AD site in certain setups. In such situations, you can now define the DNS site manually using the *ad_site* parameter in the *[domain/NAME]* section of the */etc/sssd/sssd.conf* file.
|
Story Points: | --- |
| Clone Of: | 1161564 | Environment: | |
| Last Closed: | 2015-11-19 11:35:06 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1161564 | ||
| Bug Blocks: | 1075802, 1181710 | ||
Verified, testing against sssd-client-1.13.0-29.el7.x86_64. ###### [root@sssd1-13-0-29 ~]# cat /etc/sssd/sssd.conf [sssd] domains = sssdad2012r2.com config_file_version = 2 services = nss, pam [domain/sssdad2012r2.com] ad_domain = sssdad2012r2.com krb5_realm = SSSDAD2012R2.COM realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%u@%d access_provider = ad ad_site = fedora debug_level = 0xfff0 ###### All requests are going to schrodinger which is the AD server in that site. 15:25:08.210486 IP heisenbug.sssdad2012r2.com.kerberos > sssd1-13-0-29.sssdad2012r2.com.35049: Flags [.], ack 1779, win 514, options [nop,nop,TS val 6041199 ecr 59890869], length 0 15:25:08.210492 IP heisenbug.sssdad2012r2.com.kerberos > sssd1-13-0-29.sssdad2012r2.com.35049: Flags [R.], seq 1765, ack 1779, win 0, length 0 15:25:37.319579 IP sssd1-13-0-29.sssdad2012r2.com.38347 > schrodinger.sssdad2012r2.com.kerberos: v5 15:25:37.319945 IP schrodinger.sssdad2012r2.com.kerberos > sssd1-13-0-29.sssdad2012r2.com.38347: 15:25:37.320150 IP sssd1-13-0-29.sssdad2012r2.com.52557 > schrodinger.sssdad2012r2.com.kerberos: v5 15:25:37.320635 IP schrodinger.sssdad2012r2.com.kerberos > sssd1-13-0-29.sssdad2012r2.com.52557: 15:25:37.320781 IP sssd1-13-0-29.sssdad2012r2.com.50706 > schrodinger.sssdad2012r2.com.kerberos: Flags [S], seq 3325955106, win 29200, options [mss 1460,sackOK,TS val 59919980 ecr 0,nop,wscale 7], length 0 Changing the sites. 15:25:07.904798 IP sssd1-13-0-29.sssdad2012r2.com.51151 > heisenbug.sssdad2012r2.com.kerberos: v5 15:25:07.906046 IP heisenbug.sssdad2012r2.com.kerberos > sssd1-13-0-29.sssdad2012r2.com.51151: 15:25:07.906334 IP sssd1-13-0-29.sssdad2012r2.com.50469 > heisenbug.sssdad2012r2.com.kerberos: v5 15:25:07.907092 IP heisenbug.sssdad2012r2.com.kerberos > sssd1-13-0-29.sssdad2012r2.com.50469: 15:25:07.907218 IP sssd1-13-0-29.sssdad2012r2.com.35047 > heisenbug.sssdad2012r2.com.kerberos: Flags [S], seq 998764056, win 29200, options [mss 1460,sackOK,TS val 59890566 ecr 0,nop,wscale 7], length 0 All requests are going to heisenbug which is in the Default_Site. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2355.html |
Fixed upstream: master: b22e0da9e644f5eb84ee0c8986979fec3fe7eb56 e438fbf102c3d787902504bdae177e84230cbbc9 sssd-1-12: 6992f203c2b37d130287eae11f3929d0000e6d44 e2f4a87ef4a657d27c3ec544fd75a21eefcf3ce7