Bug 1804005

Summary: sssd doesn't follow the link order of AD Group Policy Management
Product: Red Hat Enterprise Linux 7
Reporter: Muneaki Sugaya <msugaya>
Component: sssd
Assignee: Sumit Bose <sbose>
Status: CLOSED ERRATA
QA Contact: sssd-qe <sssd-qe>
Severity: medium
Priority: medium
Version: 7.7
CC: atikhono, dlavu, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sbose, sgoveas, thalman, tscherf
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard: sync-to-jira
Fixed In Version: sssd-1.16.5-10.el7
Doc Type: If docs needed, set a value
Last Closed: 2020-09-29 19:50:00 UTC
Type: Bug

Comment 7 Sumit Bose 2020-02-26 11:42:19 UTC
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/4145

Comment 11 Pavel Březina 2020-06-05 09:07:33 UTC
Pushed PR: https://github.com/SSSD/sssd/pull/5159

* `master`
    * dce025b882db7247571b135e928afb47f069a60f - GPO: fix link order in a SOM
* `sssd-1-16`
    * 7cf6b86408e53c5c2c5f6da89aef3dec68223c59 - GPO: fix link order in a SOM

Comment 14 Dan Lavu 2020-06-16 02:52:49 UTC
Verified against sssd-1.16.5-10.el7.x86_64

Created GPOs, gpo1 permitting user1, gpo2 permitting user2

[root@client1 yum.repos.d]# ssh user1@localhost
user1@localhost's password: 
Last login: Mon Jun 15 22:43:49 2020 from ::1
[user1@client1 ~]$ exit
logout
Connection to localhost closed.

[root@client1 yum.repos.d]# ssh user2@localhost
user2@localhost's password: 
Authentication failed.

Modified the link order, now gpo2 is processed second after the default Default Domain Policy

[root@client1 yum.repos.d]# ssh user2@localhost
user2@localhost's password: 
Last failed login: Mon Jun 15 22:45:02 EDT 2020 from ::1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Mon Jun 15 22:43:57 2020 from ::1
[user2@client1 ~]$ exit
logout
Connection to localhost closed.

[root@client1 yum.repos.d]# ssh user1@localhost
user1@localhost's password: 
Authentication failed.

Comment 16 errata-xmlrpc 2020-09-29 19:50:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3904