Bug 1219844

Summary: Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust
Product: Red Hat Enterprise Linux 6 Reporter: Sumit Bose <sbose>
Component: sssdAssignee: Sumit Bose <sbose>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.7CC: grajaiya, hjensas, jgalipea, jhrozek, kbanerje, lslebodn, mkosek, mzidek, pbrezina, preichl, sbose, sgoveas, tlavigne, xdong
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-1.12.4-40.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1219285 Environment:
Last Closed: 2015-07-22 06:46:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1219285, 1263262    
Bug Blocks:    

Comment 1 Jakub Hrozek 2015-05-10 19:22:47 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2650
Comment 2 Jakub Hrozek 2015-05-12 09:22:36 UTC 
Fixed upstream:
    master: a50b229c8ea1e22c9efa677760b94d8c48c3ec89
    sssd-1-12: 0f85298a31beb53375635b82cb274d29eae45774
Comment 3 Sumit Bose 2015-05-15 08:56:17 UTC 
How to verify:

Without trust the issue can be verified by checking the logs.                                                                                                                         
ipa_get_view_name_done() should fail with the message "get_view_name request failed, looks like server does not support views." and continue to read data about the IPA domain. Without this path you should see "get_view_name request failed." and the whole request should be canceled.
Comment 5 Xiyang Dong 2015-06-08 19:26:48 UTC 
Verified on sssd-1.12.4-45.el6:

[root@celeno ~]# sed -i  '/\[domain\/testrelm.test\]/a\debug_level = 10' /etc/sssd/sssd.conf 

[root@celeno ~]# service sssd restart
Stopping sssd: [  OK  ]
Starting sssd: [  OK  ]

[root@celeno ~]# cat /var/log/sssd/sssd_testrelm.test.log | grep ipa_get_view_name_done | grep "get_view_name request failed, looks like server does not support views"
(Mon Jun  8 12:45:53 2015) [sssd[be[testrelm.test]]] [ipa_get_view_name_done] (0x0400): get_view_name request failed, looks like server does not support views.
(Mon Jun  8 12:45:53 2015) [sssd[be[testrelm.test]]] [ipa_get_view_name_done] (0x0400): get_view_name request failed, looks like server does not support views.
Comment 7 errata-xmlrpc 2015-07-22 06:46:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1448.html