Bug 1487040
| Summary: | sssd does not evaluate AD UPN suffixes which results in failed user logins | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Abhinay Reddy Peddireddy <apeddire> |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.9 | CC: | amore, apeddire, asakure, ddas, fidencio, grajaiya, jhrozek, jkurik, kludhwan, lslebodn, mkosek, mpanaous, mzidek, pbrezina, sgoveas, sssd-maint, tscherf, vmishra |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.13.3-59.el6 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-06-19 05:13:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1461138, 1504542 | ||
|
Description
Abhinay Reddy Peddireddy
2017-08-31 06:28:38 UTC
We believe this was fixed with upstream commit 9b8fcf685c5ca70a5067a621385bcdc8d9fd6469 therefore I'm marking the bug as POST and I'll provide test builds soon. Upstream ticket: https://pagure.io/SSSD/sssd/issue/3505 sssd-1-13: * 3542fe821765cad1f25f6c2a077b55fc1d7d0553 * 7f95edc43d9fc410aab5712552e17f28932ba344 * 07db882d99e2036be94dd305ba50587733b5f3a1 * 6b55915c3939da6e2474633d79783f838627a4b1 *** Bug 1489125 has been marked as a duplicate of this bug. *** PR with the additional patches: https://github.com/SSSD/sssd/pull/514 I'm also switching the bug back to ASSIGNED to make it clear additional patches must be merged. sssd-1-13: * 99afca8926fb211774de457e750dea27da8ac3a9 * 42dbd7ee691ffef8b136fc310128aadfd91fd70c * f6afb6f9418735bcfd125eb2bb2ffeeb5cc07d99 Verified using: master : (7.5) ---------------------------- sssd-1.16.0-19.el7.x86_64 ipa-server-4.5.4-10.el7.x86_64 pki-ca-10.5.1-9.el7.noarch krb5-server-1.15.1-18.el7.x86_64 client : (6.10) ---------------------------- ipa-client-3.0.0-51.el6.x86_64 ipa-python-3.0.0-51.el6.x86_64 sssd-1.13.3-60.el6.x86_64 [root@master ~]# ipa trust-find --------------- 1 trust matched --------------- Realm name: ipaad2016.test Domain NetBIOS name: IPAAD2016 Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681 Trust type: Active Directory domain UPN suffixes: upn14.in, tomupn14.in, upn2016.in, newad2016.test ---------------------------- Number of entries returned 1 ---------------------------- [root@master ~]# id aduser10 uid=1577602635(aduser10) gid=1577602635(aduser10) groups=1577602635(aduser10),1577600513(domain users) [root@client~]# ssh -l aduser10 master.tomupn14.test Password: Could not chdir to home directory /home/ipaad2016.test/aduser10: No such file or directory -sh-4.2$ whoami aduser10 -sh-4.2$ id uid=1577602635(aduser10) gid=1577602635(aduser10) groups=1577602635(aduser10),1577600513(domain users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [root@client ~]# kinit -E aduser10 Password for aduser10\@tomupn14.in: [root@client ~]# klist -l Principal name Cache name -------------- ---------- aduser10\@tomupn14.in@IPAAD201 FILE:/tmp/krb5cc_0 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:1877 |