RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
Summary: sssd_be crashed in ipa_srv_ad_acct_lookup_step
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
: 1269058 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-10-01 08:01 UTC by Lukas Slebodnik
Modified: 2020-05-02 18:11 UTC (History)
12 users (show)

Fixed In Version: sssd-1.13.0-39.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 11:40:59 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 3851 0 None None None 2020-05-02 18:11:28 UTC
Red Hat Product Errata RHSA-2015:2355 0 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2015-11-19 10:27:42 UTC

Description Lukas Slebodnik 2015-10-01 08:01:08 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2810

{{{
crash_function: ipa_srv_ad_acct_lookup_step                                                     executable:     /usr/libexec/sssd/sssd_be                                                                 
pkg_name:       sssd-common                                                                               
pkg_release:    0.20150930.1317.git6491a24.master.el7.centos
}}}
Comment 1 Jakub Hrozek 2015-10-02 06:58:34 UTC 
To reproduce:
Establish IPA-AD trusts with POSIX attributes but do not replicate the POSIX attributes to Global Catalog. Run "getent group $adgroup".

btw Sudhir was able to reproduce the crash and our fix helped him fix it.
Comment 3 Jakub Hrozek 2015-10-07 10:58:38 UTC 
    master:
        309aa83d16b5919f727af04850bcd0799ba0962f
        afb21fd06690a0bec288a7970abf74ed2ea7dfdc 
    sssd-1-13:
        15a4b34ccfcfbcec2c9ba529d0113adf251abc16
        f1742784d9b1cffd74f67beeb26375124183428a
Comment 4 Jakub Hrozek 2015-10-07 10:58:57 UTC 
*** Bug 1269058 has been marked as a duplicate of this bug. ***
Comment 6 Sudhir Menon 2015-10-14 11:36:11 UTC 
Verified using RHEL 7.2 and Windows 2012 R2

sssd-1.13.0-39.el7.x86_64
ipa-server-trust-ad-4.2.0-13.el7.x86_64
ipa-server-dns-4.2.0-13.el7.x86_64
ipa-server-4.2.0-13.el7.x86_64

[root@ipa02 ~]# ipa trust-add --range-type=ipa-ad-trust-posix
Realm name: SLABS.QE
Active Directory domain administrator: administrator
Active Directory domain administrator's password: 
-------------------------------------------------
Added Active Directory trust for realm "slabs.qe"
-------------------------------------------------
  Realm name: slabs.qe
  Domain NetBIOS name: SLABS
  Domain Security Identifier: S-1-5-21-1198230686-218755016-3050646183
  SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17,
                          S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19,
                          S-1-5-18
  SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17,
                          S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19,
                          S-1-5-18
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[root@ipaclient02 ~]# getent group agroup1
agroup1:*:10000:
Comment 7 errata-xmlrpc 2015-11-19 11:40:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html
Note You need to log in before you can comment on or make changes to this bug.