Bug 1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
Summary: sssd_be crashed in ipa_srv_ad_acct_lookup_step
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
: 1269058 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-10-01 08:01 UTC by Lukas Slebodnik
Modified: 2020-05-02 18:11 UTC (History)
12 users (show)

Fixed In Version: sssd-1.13.0-39.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 11:40:59 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 3851 None None None 2020-05-02 18:11:28 UTC
Red Hat Product Errata RHSA-2015:2355 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2015-11-19 10:27:42 UTC

Description Lukas Slebodnik 2015-10-01 08:01:08 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2810

{{{
crash_function: ipa_srv_ad_acct_lookup_step                                                     executable:     /usr/libexec/sssd/sssd_be                                                                 
pkg_name:       sssd-common                                                                               
pkg_release:    0.20150930.1317.git6491a24.master.el7.centos
}}}
Comment 1 Jakub Hrozek 2015-10-02 06:58:34 UTC 
To reproduce:
Establish IPA-AD trusts with POSIX attributes but do not replicate the POSIX attributes to Global Catalog. Run "getent group $adgroup".

btw Sudhir was able to reproduce the crash and our fix helped him fix it.
Comment 3 Jakub Hrozek 2015-10-07 10:58:38 UTC 
    master:
        309aa83d16b5919f727af04850bcd0799ba0962f
        afb21fd06690a0bec288a7970abf74ed2ea7dfdc 
    sssd-1-13:
        15a4b34ccfcfbcec2c9ba529d0113adf251abc16
        f1742784d9b1cffd74f67beeb26375124183428a
Comment 4 Jakub Hrozek 2015-10-07 10:58:57 UTC 
*** Bug 1269058 has been marked as a duplicate of this bug. ***
Comment 6 Sudhir Menon 2015-10-14 11:36:11 UTC 
Verified using RHEL 7.2 and Windows 2012 R2

sssd-1.13.0-39.el7.x86_64
ipa-server-trust-ad-4.2.0-13.el7.x86_64
ipa-server-dns-4.2.0-13.el7.x86_64
ipa-server-4.2.0-13.el7.x86_64

[root@ipa02 ~]# ipa trust-add --range-type=ipa-ad-trust-posix
Realm name: SLABS.QE
Active Directory domain administrator: administrator
Active Directory domain administrator's password: 
-------------------------------------------------
Added Active Directory trust for realm "slabs.qe"
-------------------------------------------------
  Realm name: slabs.qe
  Domain NetBIOS name: SLABS
  Domain Security Identifier: S-1-5-21-1198230686-218755016-3050646183
  SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17,
                          S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19,
                          S-1-5-18
  SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17,
                          S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19,
                          S-1-5-18
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[root@ipaclient02 ~]# getent group agroup1@slabs.qe
agroup1@slabs.qe:*:10000:
Comment 7 errata-xmlrpc 2015-11-19 11:40:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html
Note You need to log in before you can comment on or make changes to this bug.