1253819 – sssd not seeing group membership properly

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1253819 - sssd not seeing group membership properly

Summary: sssd not seeing group membership properly

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.5
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Michal Zidek
QA Contact:	Kaushik Banerjee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1172231
TreeView+	depends on / blocked

Reported:	2015-08-14 19:34 UTC by Striker Leggette
Modified:	2019-09-12 08:46 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-09-30 12:31:11 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 1 Striker Leggette 2015-08-14 19:35:55 UTC

Marked first comment private due to privacy concerns.  Here is sanitized version for public-facing:

Description of problem:
 - SSSD sees group membership properly of only the first person to log in.  Every next user will not be assigned the group.

Version-Release number of selected component (if applicable):
 - Linux $host 2.6.32-431.23.3.el6.x86_64 #1 SMP Wed Jul 16 06:12:23 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
 - sssd-1.12.4-47.el6.x86_64

How reproducible:
 - Always

Steps to Reproduce:
1. Stop SSSD, clear cache and logs, start SSSD.
2. Log in as user1 that is member of $groupABCD2
3. Log in as user2 that is a member of $groupABCD2

Actual results:
 - SSSD does not see $groupABCD2 in user2's groups.

Expected results:
 - SSSD sees all of user2's groups properly.

Comment 3 Striker Leggette 2015-08-14 19:38:15 UTC

Example SSSD debug and config attached.  Setting prio. high for visibility.

Comment 6 Michal Zidek 2015-08-27 14:34:50 UTC

Hi!

Sorry for the delay. I was not able to reproduce this issue with sssd 1.12.4, sssd 1.12.5 or master. In the customer setup, are the versions of sssd same on both server and client? If not, what version is on the server side?

Could you try if the problem is still reproducible with newer versions? You can try Lukas's unofficial repo for testing purposes:
https://copr.fedoraproject.org/coprs/lslebodn/sssd-deps/repo/epel-6/lslebodn-sssd-deps-epel-6.repo

Michal

Comment 8 Michal Zidek 2015-08-27 14:44:34 UTC

Hi again!

sorry I posted wrong repo link, the one I wanted you to try is this one
https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12-latest/

Again, it is unsupported repo, but it will tell us if the problem remains in the latest 1-12 branch.

Michal

Comment 9 Jakub Hrozek 2015-09-03 08:57:53 UTC

Ping, any news about the test results?

Comment 10 Michal Zidek 2015-09-03 11:21:32 UTC

Sending new repo link. The previous is deprecated (it only contains link to this new one):
https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12/

Comment 13 Jakub Hrozek 2015-09-30 12:31:11 UTC

There was no update since 2015-09-03 closing.

Note You need to log in before you can comment on or make changes to this bug.