Bug 2035625
Summary: | sssd AD auth broken with sssd_be segfault | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Scott Dowdle <dowdle> |
Component: | sssd | Assignee: | sssd-maintainers <sssd-maintainers> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 35 | CC: | abokovoy, atikhono, jhrozek, lslebodn, luk.claes, mzidek, oleg, pbrezina, sbose, ssorce, sssd-maintainers |
Hardware: | x86_64 | ||
OS: | Linux | ||
Last Closed: | 2021-12-26 06:31:26 UTC | Type: | Bug |
Description
Scott Dowdle
2021-12-26 04:30:40 UTC
Please see recommendations at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory#ensuring-support-for-common-encryption-types-in-ad-and-rhel_connecting-rhel-systems-directly-to-ad-using-sssd

Fedora 35 does not enable RC4 cipher in Kerberos; this means SSSD would attempt to use AES ciphers by default. If your AD users do not have AES keys, then there would be no common encryption type. It would, however, be good to see the full crash dump and stack trace. Maybe there is something else at play too.

Could you please enable 'debug_level=9' in the domain section?

I used the recommendation from the RHEL8 article that you pointed me to... and that works. I just didn't expect this behavior, having run into the problem as a result of upgrading from F34 (where it was working) to F35. Sounds like something to have a wiki page about. Marking as closed.

Hi,

Could you please still provide a coredump and, ideally, sssd_$domain.log with debug_level=9 that corresponds to this crash? IIRC, sssd_be doesn't operate kerberos credentials so the dump shouldn't have it either, but if this worries you please feel free to email me or sssd-maintainers.org directly.

Sorry, I don't have any more broken systems to do that stuff.

Please reopen in case new information becomes available.

Same problem on Oracle Linux 9 & Red Hat Enterprise Linux 9. Have coredump file & sssd_[DOMAIN].log. Problem repeats each 4 hours (1440s).
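The "no common encryption type" condition described in the thread can be checked offline before an upgrade. The sketch below is an added example, not code from this bug report or from SSSD: it decodes the AD `msDS-SupportedEncryptionTypes` bitmask (an attribute name not mentioned in the thread) and intersects it with a client's permitted enctypes. The account names, mask values and client lists are constructed, and it checks only the advertised types, not whether an account actually holds AES keys.

```python
# Added example. Bit values are those of the AD attribute
# msDS-SupportedEncryptionTypes; every sample input below is constructed.
AD_ENCTYPE_BITS = {
    0x01: "des-cbc-crc",
    0x02: "des-cbc-md5",
    0x04: "arcfour-hmac",  # RC4
    0x08: "aes128-cts-hmac-sha1-96",
    0x10: "aes256-cts-hmac-sha1-96",
}
ENCTYPE_MASK = 0x1F  # higher bits are feature flags, not enctypes

# Assumption: a client without RC4 enabled, as the thread describes for
# Fedora 35, and the same client with RC4 added back for comparison.
CLIENT_NO_RC4 = ("aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96")
CLIENT_WITH_RC4 = CLIENT_NO_RC4 + ("arcfour-hmac",)


def decode_ad_enctypes(mask):
    """Return the enctype names set in an msDS-SupportedEncryptionTypes value."""
    return [name for bit, name in sorted(AD_ENCTYPE_BITS.items()) if mask & bit]


def common_enctypes(mask, client_permitted):
    """Enctypes both sides accept, in the client's preference order."""
    offered = set(decode_ad_enctypes(mask))
    return [e for e in client_permitted if e in offered]


def audit(accounts, client_permitted):
    """Map each (name, mask) pair to a finding string."""
    findings = {}
    for name, mask in accounts:
        if mask is None or mask & ENCTYPE_MASK == 0:
            # Attribute absent or zero: the effective set is the DC's default.
            findings[name] = "unset: effective enctypes depend on the DC default"
            continue
        shared = common_enctypes(mask, client_permitted)
        if shared:
            findings[name] = "ok: " + shared[0]
        else:
            offered = ", ".join(decode_ad_enctypes(mask))
            findings[name] = "NO COMMON ENCTYPE (AD offers: " + offered + ")"
    return findings


# Constructed sample: hypothetical accounts and attribute values.
SAMPLE_ACCOUNTS = [("svc-legacy", 0x04), ("alice", 0x1C),
                   ("bob", 0x18), ("old-host$", None)]

if __name__ == "__main__":
    for account, finding in audit(SAMPLE_ACCOUNTS, CLIENT_NO_RC4).items():
        print(f"{account:12} {finding}")
```

Accounts reported as `NO COMMON ENCTYPE` are the ones that would stop authenticating from a client where RC4 is not enabled.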