Bug 1267837

Summary: sssd_be crashed in ipa_srv_ad_acct_lookup_step
Product: Red Hat Enterprise Linux 7
Reporter: Lukas Slebodnik <lslebodn>
Component: sssd
Assignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA
QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified
Priority: unspecified
Version: 7.2
CC: grajaiya, jgalipea, jhrozek, ksiddiqu, lmiksik, lslebodn, mkosek, mzidek, pbrezina, preichl, sgoveas, sumenon
Target Milestone: rc
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Fixed In Version: sssd-1.13.0-39.el7
Doc Type: Bug Fix
Last Closed: 2015-11-19 11:40:59 UTC

Description Lukas Slebodnik 2015-10-01 08:01:08 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2810

{{{
crash_function: ipa_srv_ad_acct_lookup_step
executable:     /usr/libexec/sssd/sssd_be
pkg_name:       sssd-common
pkg_release:    0.20150930.1317.git6491a24.master.el7.centos
}}}

Comment 1 Jakub Hrozek 2015-10-02 06:58:34 UTC
To reproduce:
Establish IPA-AD trusts with POSIX attributes but do not replicate the POSIX attributes to Global Catalog. Run "getent group $adgroup".

btw Sudhir was able to reproduce the crash and our fix helped him fix it.

Comment 3 Jakub Hrozek 2015-10-07 10:58:38 UTC
    master:
        309aa83d16b5919f727af04850bcd0799ba0962f
        afb21fd06690a0bec288a7970abf74ed2ea7dfdc 
    sssd-1-13:
        15a4b34ccfcfbcec2c9ba529d0113adf251abc16
        f1742784d9b1cffd74f67beeb26375124183428a

Comment 4 Jakub Hrozek 2015-10-07 10:58:57 UTC
*** Bug 1269058 has been marked as a duplicate of this bug. ***

Comment 6 Sudhir Menon 2015-10-14 11:36:11 UTC
Verified using RHEL 7.2 and Windows 2012 R2

sssd-1.13.0-39.el7.x86_64
ipa-server-trust-ad-4.2.0-13.el7.x86_64
ipa-server-dns-4.2.0-13.el7.x86_64
ipa-server-4.2.0-13.el7.x86_64

[root@ipa02 ~]# ipa trust-add --range-type=ipa-ad-trust-posix
Realm name: SLABS.QE
Active Directory domain administrator: administrator
Active Directory domain administrator's password: 
-------------------------------------------------
Added Active Directory trust for realm "slabs.qe"
-------------------------------------------------
  Realm name: slabs.qe
  Domain NetBIOS name: SLABS
  Domain Security Identifier: S-1-5-21-1198230686-218755016-3050646183
  SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17,
                          S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19,
                          S-1-5-18
  SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17,
                          S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19,
                          S-1-5-18
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[root@ipaclient02 ~]# getent group agroup1
agroup1:*:10000:

Comment 7 errata-xmlrpc 2015-11-19 11:40:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html