Bug 1253819 - sssd not seeing group membership properly
sssd not seeing group membership properly
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
x86_64 Linux
high Severity high
: rc
: ---
Assigned To: Michal Zidek
Kaushik Banerjee
Depends On:
Blocks: 1172231
  Show dependency treegraph
Reported: 2015-08-14 15:34 EDT by Striker Leggette
Modified: 2015-09-30 08:31 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-09-30 08:31:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 1 Striker Leggette 2015-08-14 15:35:55 EDT
Marked first comment private due to privacy concerns.  Here is sanitized version for public-facing:

Description of problem:
 - SSSD sees group membership properly of only the first person to log in.  Every next user will not be assigned the group.

Version-Release number of selected component (if applicable):
 - Linux $host 2.6.32-431.23.3.el6.x86_64 #1 SMP Wed Jul 16 06:12:23 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
 - sssd-1.12.4-47.el6.x86_64

How reproducible:
 - Always

Steps to Reproduce:
1. Stop SSSD, clear cache and logs, start SSSD.
2. Log in as user1 that is member of $groupABCD2
3. Log in as user2 that is a member of $groupABCD2

Actual results:
 - SSSD does not see $groupABCD2 in user2's groups.

Expected results:
 - SSSD sees all of user2's groups properly.
Comment 3 Striker Leggette 2015-08-14 15:38:15 EDT
Example SSSD debug and config attached.  Setting prio. high for visibility.
Comment 6 Michal Zidek 2015-08-27 10:34:50 EDT

Sorry for the delay. I was not able to reproduce this issue with sssd 1.12.4, sssd 1.12.5 or master. In the customer setup, are the versions of sssd same on both server and client? If not, what version is on the server side?

Could you try if the problem is still reproducible with newer versions? You can try Lukas's unofficial repo for testing purposes:

Comment 8 Michal Zidek 2015-08-27 10:44:34 EDT
Hi again!

sorry I posted wrong repo link, the one I wanted you to try is this one

Again, it is unsupported repo, but it will tell us if the problem remains in the latest 1-12 branch.

Comment 9 Jakub Hrozek 2015-09-03 04:57:53 EDT
Ping, any news about the test results?
Comment 10 Michal Zidek 2015-09-03 07:21:32 EDT
Sending new repo link. The previous is deprecated (it only contains link to this new one):
Comment 13 Jakub Hrozek 2015-09-30 08:31:11 EDT
There was no update since 2015-09-03 closing.

Note You need to log in before you can comment on or make changes to this bug.