Bug 1677355
| Summary: | NSS responder does no refresh domain list when busy | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Sumit Bose <sbose> |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.0 | CC: | glamb, gparente, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sgadekar, sgoveas, tscherf |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | sync-to-jira | ||
| Fixed In Version: | sssd-1.16.4-1.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-08-06 13:02:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Sumit Bose
2019-02-14 15:49:27 UTC
Upstream ticket: https://pagure.io/SSSD/sssd/issue/3967 How to test: - use an AD or IPA setup with sub-domains, i.e. either other domains in the AD forest (AD) or a trust to an AD forest (IPA). - start the client in offline mode with an empty cache, e.g. by removing all entries nameserver from /etc/resolv.conf. - start a lookup for a sub-domain user ever 30s in a loop, it is expected that the lookup fails while offline - add the nameserver entries back to /etc/resolve.conf - with a fixed version the user lookup in the loop should succeed after about 2 minute (1 minute default offline timeout + 1 minute default domain refresh timeout) or shorter - with a broken version the user lookup in the loop should never succeed * master: c013643 * sssd-1-16: 3824008 verified with sssd-1.16.4-21.el7.x86_64 Issue reproduced with following version: [root@vm-idm-016 ~]# rpm -q sssd sssd-1.16.2-13.el7.x86_64 script used for testing [root@vm-idm-016 ~]# cat new.sh #!/bin/bash cat /etc/resolv.conf > /etc/resolv.conf.bk echo "Printing backed up resolv.conf.bk" cat /etc/resolv.conf.bk echo > /etc/resolv.conf echo "Printing Modified resolv.conf" cat /etc/resolv.conf service sssd stop ; rm -rf /var/lib/sss/db/* ; rm -rf /var/log/sssd/* ; systemctl start sssd echo " SSSD is starting in offline mode" for i in `seq 4`; do id administrator.com; echo 'delay 30 secs' ; sleep 30 ; done echo "Printing restored resolv.conf" cat /etc/resolv.conf.bk > /etc/resolv.conf cat /etc/resolv.conf for i in `seq 12`; do id administrator.com; echo 'delay 30 sec'; sleep 30 ; done [root@vm-idm-016 ~]# -016 ~]# bash new.sh Printing backed up resolv.conf.bk nameserver 22.65.207.47 #nameserver 22.65.201.89 #nameserver 22.68.5.26 Printing Modified resolv.conf Redirecting to /bin/systemctl stop sssd.service SSSD is starting in offline mode id: administrator.com: no such user delay 30 secs id: administrator.com: no such user delay 30 secs id: administrator.com: no such user delay 30 secs id: administrator.com: no such user delay 30 secs Printing restored resolv.conf nameserver 10.65.207.47 #nameserver 10.65.201.89 #nameserver 10.68.5.26 id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec [root@vm-idm-016 ~]# yum update sssd Loaded plugins: product-id, search-disabled-repos, subscription-manager . [........] . Verifying : libsss_autofs-1.16.2-13.el7.x86_64 29/30 Verifying : sssd-proxy-1.16.2-13.el7.x86_64 30/30 Updated: sssd.x86_64 0:1.16.4-21.el7 Dependency Updated: libipa_hbac.x86_64 0:1.16.4-21.el7 libsss_autofs.x86_64 0:1.16.4-21.el7 libsss_idmap.x86_64 0:1.16.4-21.el7 libsss_sudo.x86_64 0:1.16.4-21.el7 python-sssdconfig.noarch 0:1.16.4-21.el7 sssd-ad.x86_64 0:1.16.4-21.el7 sssd-client.x86_64 0:1.16.4-21.el7 sssd-common.x86_64 0:1.16.4-21.el7 sssd-common-pac.x86_64 0:1.16.4-21.el7 sssd-ipa.x86_64 0:1.16.4-21.el7 sssd-krb5.x86_64 0:1.16.4-21.el7 sssd-krb5-common.x86_64 0:1.16.4-21.el7 sssd-ldap.x86_64 0:1.16.4-21.el7 sssd-proxy.x86_64 0:1.16.4-21.el7 Complete! [root@vm-idm-016 ~]# rpm -q sssd sssd-1.16.4-21.el7.x86_64 [root@vm-idm-016 ~]# bash new.sh Printing backed up resolv.conf.bk nameserver 22.65.207.47 #nameserver 22.65.201.89 #nameserver 22.68.5.26 Printing Modified resolv.conf Redirecting to /bin/systemctl stop sssd.service SSSD is starting in offline mode id: administrator.com: no such user delay 30 secs id: administrator.com: no such user delay 30 secs id: administrator.com: no such user delay 30 secs id: administrator.com: no such user delay 30 secs Printing restored resolv.conf nameserver 22.65.207.47 #nameserver 22.65.201.89 #nameserver 22.68.5.26 id: administrator.com: no such user delay 30 sec id: administrator.com: no such user delay 30 sec uid=651800500(administrator.com) gid=651800500(administrator.com) groups=651800500(administrator.com),651800520(group policy creator owners.com),651800512(domain admins.com),651800513(domain users.com) delay 30 sec uid=651800500(administrator.com) gid=651800500(administrator.com) groups=651800500(administrator.com),651800520(group policy creator owners.com),651800512(domain admins.com),651800513(domain users.com) delay 30 sec ^C [root@vm-idm-016 ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:2177 |