Bug 990688
Summary: | [RFE] User's shells are not taken from AD when there is an IPA trust with AD | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | hgraham | |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> | |
Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 7.0 | CC: | dpal, grajaiya, jgalipea, lslebodn, mkosek, nsoman, pbrezina, sellis, sgoveas, spoore | |
Target Milestone: | rc | Keywords: | FutureFeature | |
Target Release: | --- | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | sssd-1.12.1-3.el7 | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1168377 1187103 (view as bug list) | Environment: | ||
Last Closed: | 2015-03-05 10:27:06 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1168377, 1187103, 1194039 |
Description
hgraham
2013-07-31 18:40:01 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/2041 While testing this, you can also make sure that: id $username resolves into the complete group list even for users who have never logged in. * master: 28c70f003c7b330ab1d998a4eff1248d272a6ba9 This doesn't appear to be working now. [root@django sssd]# rpm -q sssd sssd-1.12.2-52.el7.x86_64 [root@django sssd]# ldapsearch -h win-i94qhqmthd4.adlabs.com -D "cn=Administrator,cn=Users,dc=adlabs,dc=com" -w Secret123 -b "CN=Aduser1 user,CN=Users,dc=adlabs,dc=com" "(&(objectclass=user)(objectcategory=person))" | egrep -i "unixHomeDirectory|loginShell" unixHomeDirectory: /home/stv loginShell: /bin/stv [root@django sssd]# getent passwd Aduser1 aduser1:*:10013:10047:Aduser1 user:/home/adlabs.com/aduser1:/bin/stv [root@django sssd]# grep -i homedir * sssd_ipanew.test.log:(Thu Jan 29 00:23:29 2015) [sssd[be[ipanew.test]]] [sdap_get_map] (0x0400): Option ldap_user_home_directory has value homeDirectory sssd_ipanew.test.log:(Thu Jan 29 00:23:29 2015) [sssd[be[ipanew.test]]] [sdap_get_map] (0x0400): Option ldap_user_home_directory has value homeDirectory sssd_ipanew.test.log:(Thu Jan 29 00:23:31 2015) [sssd[be[ipanew.test]]] [sdap_copy_map] (0x0400): Option ldap_user_home_directory has value unixHomeDirectory sssd_ipanew.test.log:(Thu Jan 29 00:23:31 2015) [sssd[be[ipanew.test]]] [sdap_copy_map] (0x0400): Option ldap_user_home_directory has value unixHomeDirectory sssd_ipanew.test.log:(Thu Jan 29 00:23:37 2015) [sssd[be[ipanew.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] sssd_ipanew.test.log:(Thu Jan 29 00:23:37 2015) [sssd[be[ipanew.test]]] [sdap_parse_range] (0x2000): No sub-attributes for [unixHomeDirectory] Verified in version [root@django ~]# rpm -q sssd sssd-1.12.2-52.el7.x86_64 [root@django ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start [root@django ~]# ldapsearch -h win-i94qhqmthd4.adlabs.com -D "cn=Administrator,cn=Users,dc=adlabs,dc=com" -w Secret123 -b "CN=Aduser1 user,CN=Users,dc=adlabs,dc=com" "(&(objectclass=user)(objectcategory=person))" | grep loginShell loginShell: /bin/bash/bla [root@django ~]# getent passwd aduser1 aduser1:*:10013:10047:Aduser1 user:/home/adlabs.com/aduser1:/bin/bash/bla [root@django ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start [root@django ~]# ldapsearch -h win-i94qhqmthd4.adlabs.com -D "cn=Administrator,cn=Users,dc=adlabs,dc=com" -w Secret123 -b "CN=Aduser1 user,CN=Users,dc=adlabs,dc=com" "(&(objectclass=user)(objectcategory=person))" | grep loginShell loginShell: /bin/sh [root@django ~]# getent passwd aduser1 aduser1:*:10013:10047:Aduser1 user:/home/adlabs.com/aduser1:/bin/sh [root@django ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start [root@django ~]# getent passwd aduser1 aduser1:*:10013:10047:Aduser1 user:/home/adlabs.com/aduser1:/bin/sh Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0441.html |