Hide Forgot
Description of problem: It seems that the exit status has changed causing the following automated test that is used for regression testing to fail. account-password-policy-003-User-account-disabled account-password-policy-004-bz1081046-User-account-is-expired Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Run the AD Parameters test 2. The following test cases; account-password-policy-003-User-account-disabled and account-password-policy-004-bz1081046-User-account-is-expired fails. 3. Actual results: :: [ FAIL ] :: File '/var/log/secure' should contain 'User account has expired' :: [ FAIL ] :: Command 'id user1-1478375 | cut -f2 -d " " | grep group1-1478375' (Expected 0, got 1) Expected results: :: [ PASS ] :: File '/var/log/secure' should contain 'User account has expired' :: [ PASS ] :: Command 'id user1-1478375 | cut -f2 -d " " | grep group1-1478375' (Expected 0, got 1) Additional info: Previous patch that caused this bug. https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/thread/OM2BME5DKH3HBD23BB5SC73I5VTATIGD/#FFKZZXSHZXYIC3P6H3P4Z5INSPEZD6MC
Upstream ticket: https://fedorahosted.org/sssd/ticket/3198
> Previous patch that caused this bug. > > https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted. > org/thread/OM2BME5DKH3HBD23BB5SC73I5VTATIGD/#FFKZZXSHZXYIC3P6H3P4Z5INSPEZD6MC The behaviour before the change was not correct either. sssd returned error code for expired user even for disabled user. The current behaviour is that sssd returns error code for disabled user for expired and disabled user. This BZ should properly distinguish between expired and disabled user from AD with id provider ad
This bugzilla still needs work upstream. Because we are nearing the development freeze of RHEL-7.4 and the work is not finished yet, I'm reproposing the bug to RHEL-7.5. Please push back if you disagree.
* master: * d380148b0a23dd1a04d1d0767ba41d3e76fb7d23 * 5a7b76bf3dc1b7a4a6ca6608c750cbffef73a3eb
Verified. Jul 18 02:39:44 cypher sshd[25498]: pam_sss(sshd:account): system info: [The user account is expired on the AD server] Jul 18 02:39:44 cypher sshd[25498]: pam_sss(sshd:account): Access denied for user testuser01-2620451: 13 (User account has expired) Jul 18 02:39:44 cypher sshd[25498]: fatal: Access denied for user testuser01-2620451 by PAM account configuration [preauth] Jul 18 02:42:38 cypher su: pam_unix(su:session): session opened for user nobody by (uid=0) tested against sssd-1.16.2-7.el7.x86_64, test case needs to be updated since the secure message has changed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3158