Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/2168 If Data Provider was unable to refresh the subdomain list, the sss_domain_info->subdomains list was NULL. Which meant that no DP request matched any known domain and hence offline authentication was not working correctly.
Pushed upstream: master: 2b4b6b829f197493b4901bec96fefaadbc7a2464 sssd-1-11: 3405f6cff7ba3ccab8bbc2e0d043d28ae021fcb9
More fixes from upstream landed in sssd-1.11.2-18.el7
verified where offline creds are first created and iptables blocks access to the AD. sssd is then restarted are logins still succeed. :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ad_forest_auth_6: bz1038637 If SSSD starts offline, subdomains list is never read :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'su_success enterprise_user_dom1 Secret123' (Expected 0, got 0) :: [ PASS ] :: Running 'su_success enterprise_user_dom2 Secret123' (Expected 0, got 0) :: [ PASS ] :: Running 'su_success enterprise_user_dom3.com Secret123' (Expected 0, got 0) :: [ PASS ] :: Running 'su_success enterprise_user_dom1 Secret123' (Expected 0, got 0) :: [ PASS ] :: Running 'su_success enterprise_user_dom2 Secret123' (Expected 0, got 0) :: [ PASS ] :: Running 'su_success enterprise_user_dom3.com Secret123' (Expected 0, got 0) :: [ PASS ] :: File '/var/log/sssd/sssd_sssdad.com.log' should contain '\[get_subdomains_callback\] (0x0400): Backend returned: (1, 11, <NULL>) \[Provider is Offline' :: [ LOG ] :: Duration: 30s :: [ LOG ] :: Assertions: 7 good, 0 bad :: [ PASS ] :: RESULT: ad_forest_auth_6: bz1038637 If SSSD starts offline, subdomains list is never read
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.