Bug 1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
sssd_be crashed in ipa_srv_ad_acct_lookup_step
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: SSSD Maintainers
Kaushik Banerjee
: Regression
: 1269058 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-01 04:01 EDT by Lukas Slebodnik
Modified: 2015-11-19 06:40 EST (History)
12 users (show)

See Also:
Fixed In Version: sssd-1.13.0-39.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-19 06:40:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lukas Slebodnik 2015-10-01 04:01:08 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2810

{{{
crash_function: ipa_srv_ad_acct_lookup_step                                                     executable:     /usr/libexec/sssd/sssd_be                                                                 
pkg_name:       sssd-common                                                                               
pkg_release:    0.20150930.1317.git6491a24.master.el7.centos
}}}
Comment 1 Jakub Hrozek 2015-10-02 02:58:34 EDT
To reproduce:
Establish IPA-AD trusts with POSIX attributes but do not replicate the POSIX attributes to Global Catalog. Run "getent group $adgroup".

btw Sudhir was able to reproduce the crash and our fix helped him fix it.
Comment 3 Jakub Hrozek 2015-10-07 06:58:38 EDT
    master:
        309aa83d16b5919f727af04850bcd0799ba0962f
        afb21fd06690a0bec288a7970abf74ed2ea7dfdc 
    sssd-1-13:
        15a4b34ccfcfbcec2c9ba529d0113adf251abc16
        f1742784d9b1cffd74f67beeb26375124183428a
Comment 4 Jakub Hrozek 2015-10-07 06:58:57 EDT
*** Bug 1269058 has been marked as a duplicate of this bug. ***
Comment 6 Sudhir Menon 2015-10-14 07:36:11 EDT
Verified using RHEL 7.2 and Windows 2012 R2

sssd-1.13.0-39.el7.x86_64
ipa-server-trust-ad-4.2.0-13.el7.x86_64
ipa-server-dns-4.2.0-13.el7.x86_64
ipa-server-4.2.0-13.el7.x86_64

[root@ipa02 ~]# ipa trust-add --range-type=ipa-ad-trust-posix
Realm name: SLABS.QE
Active Directory domain administrator: administrator
Active Directory domain administrator's password: 
-------------------------------------------------
Added Active Directory trust for realm "slabs.qe"
-------------------------------------------------
  Realm name: slabs.qe
  Domain NetBIOS name: SLABS
  Domain Security Identifier: S-1-5-21-1198230686-218755016-3050646183
  SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17,
                          S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19,
                          S-1-5-18
  SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17,
                          S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19,
                          S-1-5-18
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[root@ipaclient02 ~]# getent group agroup1@slabs.qe
agroup1@slabs.qe:*:10000:
Comment 7 errata-xmlrpc 2015-11-19 06:40:59 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html

Note You need to log in before you can comment on or make changes to this bug.