Red Hat Bugzilla – Bug 1169739
selinuxusermap rule does not apply to trusted AD users
Last modified: 2015-03-05 05:34:45 EST
Description of problem: This is a regression for bz1075663 and bz1073635 Version-Release number of selected component (if applicable): sssd-1.12.2-28.el7.x86_64 ipa-server-4.1.0-10.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Install IPA and add Trust with AD * https://bugzilla.redhat.com/show_bug.cgi?id=1075663 [root@ibm-x3620m3-01 ~]# ipa group-add-member gr1075663 --groups=gr1075663_ext Group name: gr1075663 Description: 0 GID: 1119800014 Member groups: gr1075663_ext ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# ipa group-add-member gr1075663_ext --users='' --groups='' --external="aduser1@${AD_top_domain}" Group name: gr1075663_ext Description: 0 External member: S-1-5-21-1910160501-511572375-3625658879-1313 Member of groups: gr1075663 ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service [root@ibm-x3620m3-01 ~]# id aduser1@${AD_top_domain} uid=1148401313(aduser1@adtest.qe) gid=1148401313(aduser1@adtest.qe) groups=1148401313(aduser1@adtest.qe),1148402424(adunigroup1@adtest.qe),1148401449(adgroup1@adtest.qe),1148402425(adgroup2@adtest.qe),1148400513(domain users@adtest.qe),1119800014(gr1075663),1119800008(adgrp) [root@ibm-x3620m3-01 ~]# ipa selinuxusermap-add-user selinux_1075663 --groups=gr1075663 Rule name: selinux_1075663 SELinux User: staff_u:s0-s0:c0.c1023 Host category: all Enabled: TRUE User Groups: gr1075663 ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# cat /home/${AD_top_domain}/aduser1/.k5login aduser1@adtest.qe aduser1@ADTEST.QE ADTEST\aduser1 adtest\aduser1 [root@ibm-x3620m3-01 ~]# kdestroy -A [root@ibm-x3620m3-01 ~]# echo ${AD_top_pswd}|kinit aduser1@${AD_TOP_REALM} Password for aduser1@ADTEST.QE: [root@ibm-x3620m3-01 ~]# ssh -K -l aduser1@${AD_top_domain} $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [root@ibm-x3620m3-01 ~]# ssh -K -l aduser1@${AD_TOP_REALM} $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [root@ibm-x3620m3-01 ~]# ssh -K -l "${AD_top_netbios}\\aduser1" $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [root@ibm-x3620m3-01 ~]# ssh -K -l "${AD_top_netbios,,}\\aduser1" $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 * https://bugzilla.redhat.com/show_bug.cgi?id=1073635 [root@ibm-x3620m3-01 ~]# ipa group-add-member gr1073635 --groups=gr1073635_ext Group name: gr1073635 Description: 0 GID: 1119800015 Member groups: gr1073635_ext ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# ipa group-add-member gr1073635_ext --users='' --groups='' \ > --external="aduser1@${AD_top_domain}" Group name: gr1073635_ext Description: 0 External member: S-1-5-21-1910160501-511572375-3625658879-1313 Member of groups: gr1073635 ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# ipa selinuxusermap-add-host selinux_1073635 --hosts=$MASTER Rule name: selinux_1073635 SELinux User: staff_u:s0-s0:c0.c1023 Enabled: TRUE User Groups: gr1073635 Hosts: ibm-x3620m3-01.steeve2011.test ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service [root@ibm-x3620m3-01 ~]# kdestroy -A [root@ibm-x3620m3-01 ~]# echo ${AD_top_pswd}|kinit aduser1@${AD_TOP_REALM} Password for aduser1@ADTEST.QE: [root@ibm-x3620m3-01 ~]# ssh -K -l aduser1@${AD_top_domain} $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Please attach logs. Assigning to Lukas for investigation as he was already poking at the issue.
Upstream ticket: https://fedorahosted.org/sssd/ticket/2512
Created attachment 963749 [details] sssd_ipa.domain.log files for bz1075663 test
Created attachment 963752 [details] sssd_ipa.domain.log files for bz1073635 test
Thank you very much, a patch is on the list now.
Seeing it with regular (non-AD) users as well - so should doctext be revised? # ipa user-add one # ipa passwd one # kinit one # kinit admin # ipa selinuxusermap-add selinuxusermaprule1 --selinuxuser=staff_u:s0-s0:c0.c1023 -------------------------------------------- Added SELinux User Map "selinuxusermaprule1" -------------------------------------------- Rule name: selinuxusermaprule1 SELinux User: staff_u:s0-s0:c0.c1023 Enabled: TRUE # ipa selinuxusermap-add-user selinuxusermaprule1 --users=one Rule name: selinuxusermaprule1 SELinux User: staff_u:s0-s0:c0.c1023 Enabled: TRUE Users: one ------------------------- Number of members added 1 ------------------------- # ipa selinuxusermap-add-host selinuxusermaprule1 --hosts=qe-blade-01.testrelm.test Rule name: selinuxusermaprule1 SELinux User: staff_u:s0-s0:c0.c1023 Enabled: TRUE Users: one Hosts: qe-blade-01.testrelm.test ------------------------- Number of members added 1 ------------------------- # ipa selinuxusermap-show selinuxusermaprule1 --all dn: ipaUniqueID=836be4f2-7b2d-11e4-95b3-3440b58fae6b,cn=usermap,cn=selinux,dc=testrelm,dc=test Rule name: selinuxusermaprule1 SELinux User: staff_u:s0-s0:c0.c1023 Enabled: TRUE Users: one Hosts: qe-blade-01.testrelm.test ipauniqueid: 836be4f2-7b2d-11e4-95b3-3440b58fae6b objectclass: ipaselinuxusermap, ipaassociation # kinit one # ssh -l one qe-blade-01.testrelm.test id -Z Could not chdir to home directory /home/one: No such file or directory unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
It will not work for ipa users if the option use_fully_qualified_names is enabled in ipa domain (sssd.conf).
* master: b02eda90e9c6d6666af55041b1b12f5ac2f47b73
Verified in version ipa-server-4.1.0-13.el7.x86_64 sssd-ipa-1.12.2-39.el7.x86_64 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa_trust_func_bug_1075663: SSSD should create the SELinux mapping file with format expected by pam_selinux :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ BEGIN ] :: Running 'kdestroy -A' :: [ PASS ] :: Command 'kdestroy -A' (Expected 0, got 0) :: [ BEGIN ] :: Running 'echo Secret123|kinit admin' Password for admin@RDUSTV1911.TEST: :: [ PASS ] :: Command 'echo Secret123|kinit admin' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-add --desc=0 gr1075663' ----------------------- Added group "gr1075663" ----------------------- Group name: gr1075663 Description: 0 GID: 1039800006 :: [ PASS ] :: Command 'ipa group-add --desc=0 gr1075663' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-add --desc=0 gr1075663_ext --external' --------------------------- Added group "gr1075663_ext" --------------------------- Group name: gr1075663_ext Description: 0 :: [ PASS ] :: Command 'ipa group-add --desc=0 gr1075663_ext --external' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-add-member gr1075663 --groups=gr1075663_ext' Group name: gr1075663 Description: 0 GID: 1039800006 Member groups: gr1075663_ext ------------------------- Number of members added 1 ------------------------- :: [ PASS ] :: Command 'ipa group-add-member gr1075663 --groups=gr1075663_ext' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-add-member gr1075663_ext --users='' --groups='' --external='aduser1@ipaad2012r2.test'' Group name: gr1075663_ext Description: 0 External member: S-1-5-21-547465014-1205121312-3291251547-1105 Member of groups: gr1075663 ------------------------- Number of members added 1 ------------------------- :: [ PASS ] :: Command 'ipa group-add-member gr1075663_ext --users='' --groups='' --external='aduser1@ipaad2012r2.test'' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa selinuxusermap-add --hostcat=all --selinuxuser='staff_u:s0-s0:c0.c1023' selinux_1075663' ---------------------------------------- Added SELinux User Map "selinux_1075663" ---------------------------------------- Rule name: selinux_1075663 SELinux User: staff_u:s0-s0:c0.c1023 Host category: all Enabled: TRUE :: [ PASS ] :: Command 'ipa selinuxusermap-add --hostcat=all --selinuxuser='staff_u:s0-s0:c0.c1023' selinux_1075663' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa selinuxusermap-add-user selinux_1075663 --groups=gr1075663' Rule name: selinux_1075663 SELinux User: staff_u:s0-s0:c0.c1023 Host category: all Enabled: TRUE User Groups: gr1075663 ------------------------- Number of members added 1 ------------------------- :: [ PASS ] :: Command 'ipa selinuxusermap-add-user selinux_1075663 --groups=gr1075663' (Expected 0, got 0) :: [ BEGIN ] :: Running 'su - aduser1@ipaad2012r2.test -c 'echo aduser1@IPAAD2012R2.TEST >> ~/.k5login'' :: [ PASS ] :: Command 'su - aduser1@ipaad2012r2.test -c 'echo aduser1@IPAAD2012R2.TEST >> ~/.k5login'' (Expected 0, got 0) :: [ BEGIN ] :: Running 'su - aduser1@ipaad2012r2.test -c 'cat ~/.k5login'' aduser1@IPAAD2012R2.TEST :: [ PASS ] :: Command 'su - aduser1@ipaad2012r2.test -c 'cat ~/.k5login'' (Expected 0, got 0) :: [ BEGIN ] :: Running 'service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start' Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service :: [ PASS ] :: Command 'service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start' (Expected 0, got 0) :: [ BEGIN ] :: Running 'kdestroy -A' :: [ PASS ] :: Command 'kdestroy -A' (Expected 0, got 0) :: [ BEGIN ] :: Running 'echo Secret123|kinit aduser1@IPAAD2012R2.TEST' Password for aduser1@IPAAD2012R2.TEST: :: [ PASS ] :: Command 'echo Secret123|kinit aduser1@IPAAD2012R2.TEST' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ssh -K -l aduser1@ipaad2012r2.test ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1075663.GCLRFD 2>&1' :: [ PASS ] :: Command 'ssh -K -l aduser1@ipaad2012r2.test ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1075663.GCLRFD 2>&1' (Expected 0, got 0) :: [ BEGIN ] :: Running 'cat ipa_trust_func_bug_1075663.GCLRFD' staff_u:staff_r:staff_t:s0-s0:c0.c1023 :: [ PASS ] :: Command 'cat ipa_trust_func_bug_1075663.GCLRFD' (Expected 0, got 0) :: [ PASS ] :: File 'ipa_trust_func_bug_1075663.GCLRFD' should contain 'staff_u.*:s0-s0:c0.c1023' :: [ BEGIN ] :: Running 'ssh -K -l aduser1@IPAAD2012R2.TEST ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1075663.GCLRFD 2>&1' :: [ PASS ] :: Command 'ssh -K -l aduser1@IPAAD2012R2.TEST ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1075663.GCLRFD 2>&1' (Expected 0, got 0) :: [ BEGIN ] :: Running 'cat ipa_trust_func_bug_1075663.GCLRFD' staff_u:staff_r:staff_t:s0-s0:c0.c1023 :: [ PASS ] :: Command 'cat ipa_trust_func_bug_1075663.GCLRFD' (Expected 0, got 0) :: [ PASS ] :: File 'ipa_trust_func_bug_1075663.GCLRFD' should contain 'staff_u.*:s0-s0:c0.c1023' :: [ BEGIN ] :: Running 'ssh -K -l 'IPAAD2012R2duser1' ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1075663.GCLRFD 2>&1' :: [ PASS ] :: Command 'ssh -K -l 'IPAAD2012R2\aduser1' ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1075663.GCLRFD 2>&1' (Expected 0, got 0) :: [ BEGIN ] :: Running 'cat ipa_trust_func_bug_1075663.GCLRFD' staff_u:staff_r:staff_t:s0-s0:c0.c1023 :: [ PASS ] :: Command 'cat ipa_trust_func_bug_1075663.GCLRFD' (Expected 0, got 0) :: [ PASS ] :: File 'ipa_trust_func_bug_1075663.GCLRFD' should contain 'staff_u.*:s0-s0:c0.c1023' :: [ BEGIN ] :: Running 'ssh -K -l 'ipaad2012r2duser1' ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1075663.GCLRFD 2>&1' :: [ PASS ] :: Command 'ssh -K -l 'ipaad2012r2\aduser1' ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1075663.GCLRFD 2>&1' (Expected 0, got 0) :: [ BEGIN ] :: Running 'cat ipa_trust_func_bug_1075663.GCLRFD' staff_u:staff_r:staff_t:s0-s0:c0.c1023 :: [ PASS ] :: Command 'cat ipa_trust_func_bug_1075663.GCLRFD' (Expected 0, got 0) :: [ PASS ] :: File 'ipa_trust_func_bug_1075663.GCLRFD' should contain 'staff_u.*:s0-s0:c0.c1023' :: [ PASS ] :: BZ 1075663 not found :: [ BEGIN ] :: Running 'kdestroy -A' :: [ PASS ] :: Command 'kdestroy -A' (Expected 0, got 0) :: [ BEGIN ] :: Running 'echo Secret123|kinit admin' Password for admin@RDUSTV1911.TEST: :: [ PASS ] :: Command 'echo Secret123|kinit admin' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-del gr1075663_ext' ----------------------------- Deleted group "gr1075663_ext" ----------------------------- :: [ PASS ] :: Command 'ipa group-del gr1075663_ext' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-del gr1075663' ------------------------- Deleted group "gr1075663" ------------------------- :: [ PASS ] :: Command 'ipa group-del gr1075663' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa selinuxusermap-del selinux_1075663' ------------------------------------------ Deleted SELinux User Map "selinux_1075663" ------------------------------------------ :: [ PASS ] :: Command 'ipa selinuxusermap-del selinux_1075663' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa_trust_func_bug_1073635: IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:55:09 ] :: First make sure selinuxusermap is to unconfined... :: [ BEGIN ] :: Running 'service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start' Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service :: [ PASS ] :: Command 'service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start' (Expected 0, got 0) :: [ BEGIN ] :: Running 'kdestroy -A' :: [ PASS ] :: Command 'kdestroy -A' (Expected 0, got 0) :: [ BEGIN ] :: Running 'echo Secret123|kinit aduser1@IPAAD2012R2.TEST' Password for aduser1@IPAAD2012R2.TEST: :: [ PASS ] :: Command 'echo Secret123|kinit aduser1@IPAAD2012R2.TEST' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ssh -K -l aduser1@ipaad2012r2.test ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1073635.HvhL70 2>&1' :: [ PASS ] :: Command 'ssh -K -l aduser1@ipaad2012r2.test ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1073635.HvhL70 2>&1' (Expected 0, got 0) :: [ BEGIN ] :: Running 'cat ipa_trust_func_bug_1073635.HvhL70' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 :: [ PASS ] :: Command 'cat ipa_trust_func_bug_1073635.HvhL70' (Expected 0, got 0) :: [ PASS ] :: File 'ipa_trust_func_bug_1073635.HvhL70' should contain 'unconfined_u.*:s0-s0:c0.c1023' :: [ 07:55:19 ] :: Now Setup groups and selinuxusermap rule :: [ BEGIN ] :: Running 'kdestroy -A' :: [ PASS ] :: Command 'kdestroy -A' (Expected 0, got 0) :: [ BEGIN ] :: Running 'echo Secret123|kinit admin' Password for admin@RDUSTV1911.TEST: :: [ PASS ] :: Command 'echo Secret123|kinit admin' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-add --desc=0 gr1073635' ----------------------- Added group "gr1073635" ----------------------- Group name: gr1073635 Description: 0 GID: 1039800007 :: [ PASS ] :: Command 'ipa group-add --desc=0 gr1073635' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-add --desc=0 gr1073635_ext --external' --------------------------- Added group "gr1073635_ext" --------------------------- Group name: gr1073635_ext Description: 0 :: [ PASS ] :: Command 'ipa group-add --desc=0 gr1073635_ext --external' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-add-member gr1073635 --groups=gr1073635_ext' Group name: gr1073635 Description: 0 GID: 1039800007 Member groups: gr1073635_ext ------------------------- Number of members added 1 ------------------------- :: [ PASS ] :: Command 'ipa group-add-member gr1073635 --groups=gr1073635_ext' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-add-member gr1073635_ext --users='' --groups='' --external='aduser1@ipaad2012r2.test'' Group name: gr1073635_ext Description: 0 External member: S-1-5-21-547465014-1205121312-3291251547-1105 Member of groups: gr1073635 ------------------------- Number of members added 1 ------------------------- :: [ PASS ] :: Command 'ipa group-add-member gr1073635_ext --users='' --groups='' --external='aduser1@ipaad2012r2.test'' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa selinuxusermap-add --selinuxuser='staff_u:s0-s0:c0.c1023' selinux_1073635' ---------------------------------------- Added SELinux User Map "selinux_1073635" ---------------------------------------- Rule name: selinux_1073635 SELinux User: staff_u:s0-s0:c0.c1023 Enabled: TRUE :: [ PASS ] :: Command 'ipa selinuxusermap-add --selinuxuser='staff_u:s0-s0:c0.c1023' selinux_1073635' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa selinuxusermap-add-user selinux_1073635 --groups=gr1073635' Rule name: selinux_1073635 SELinux User: staff_u:s0-s0:c0.c1023 Enabled: TRUE User Groups: gr1073635 ------------------------- Number of members added 1 ------------------------- :: [ PASS ] :: Command 'ipa selinuxusermap-add-user selinux_1073635 --groups=gr1073635' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa selinuxusermap-add-host selinux_1073635 --hosts=ipaqavmh.rdustv1911.test' Rule name: selinux_1073635 SELinux User: staff_u:s0-s0:c0.c1023 Enabled: TRUE User Groups: gr1073635 Hosts: ipaqavmh.rdustv1911.test ------------------------- Number of members added 1 ------------------------- :: [ PASS ] :: Command 'ipa selinuxusermap-add-host selinux_1073635 --hosts=ipaqavmh.rdustv1911.test' (Expected 0, got 0) :: [ 07:55:37 ] :: Now test selinuxusermap rule :: [ BEGIN ] :: Running 'service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start' Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service :: [ PASS ] :: Command 'service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start' (Expected 0, got 0) :: [ BEGIN ] :: Running 'kdestroy -A' :: [ PASS ] :: Command 'kdestroy -A' (Expected 0, got 0) :: [ BEGIN ] :: Running 'echo Secret123|kinit aduser1@IPAAD2012R2.TEST' Password for aduser1@IPAAD2012R2.TEST: :: [ PASS ] :: Command 'echo Secret123|kinit aduser1@IPAAD2012R2.TEST' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ssh -K -l aduser1@ipaad2012r2.test ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1073635.HvhL70 2>&1' :: [ PASS ] :: Command 'ssh -K -l aduser1@ipaad2012r2.test ipaqavmh.rdustv1911.test 'id -Z' > ipa_trust_func_bug_1073635.HvhL70 2>&1' (Expected 0, got 0) :: [ BEGIN ] :: Running 'cat ipa_trust_func_bug_1073635.HvhL70' staff_u:staff_r:staff_t:s0-s0:c0.c1023 :: [ PASS ] :: Command 'cat ipa_trust_func_bug_1073635.HvhL70' (Expected 0, got 0) :: [ PASS ] :: File 'ipa_trust_func_bug_1073635.HvhL70' should contain 'staff_u.*:s0-s0:c0.c1023' :: [ 07:55:48 ] :: Now cleanup groups and rules :: [ BEGIN ] :: Running 'kdestroy -A' :: [ PASS ] :: Command 'kdestroy -A' (Expected 0, got 0) :: [ BEGIN ] :: Running 'echo Secret123|kinit admin' Password for admin@RDUSTV1911.TEST: :: [ PASS ] :: Command 'echo Secret123|kinit admin' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-del gr1073635' ------------------------- Deleted group "gr1073635" ------------------------- :: [ PASS ] :: Command 'ipa group-del gr1073635' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa group-del gr1073635_ext' ----------------------------- Deleted group "gr1073635_ext" ----------------------------- :: [ PASS ] :: Command 'ipa group-del gr1073635_ext' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa selinuxusermap-del selinux_1073635' ------------------------------------------ Deleted SELinux User Map "selinux_1073635" ------------------------------------------ :: [ PASS ] :: Command 'ipa selinuxusermap-del selinux_1073635' (Expected 0, got 0)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0441.html