Bug 1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.9
Hardware: x86_64 Linux
Priority: unspecified
Severity: medium
Target Milestone: rc
Assigned To: SSSD Maintainers
QA Contact: ipa-qe
Duplicates: 1489125
Depends On:
Blocks: 1461138 1504542
Reported: 2017-08-31 02:28 EDT by Abhinay Reddy Peddireddy
Modified: 2018-08-31 12:32 EDT
Fixed In Version: sssd-1.13.3-59.el6
Last Closed: 2018-06-19 01:13:47 EDT
Type: Bug

External Trackers
Tracker: Red Hat Product Errata, ID: RHSA-2018:1877, Priority: None, Status: None, Summary: None, Last Updated: 2018-06-19 01:15 EDT

Description Abhinay Reddy Peddireddy 2017-08-31 02:28:38 EDT
Description of problem:

Request to implement this same feature of allowing logins to AD users which have UPN principals as described here (https://bugzilla.redhat.com/show_bug.cgi?id=1441077) for RHEL 6.9 IPA clients.  


Version-Release number of selected component (if applicable):

sssd-1.13.3-57.el6_9.x86_64.rpm
Comment 2 Jakub Hrozek 2017-08-31 15:20:06 EDT
We believe this was fixed with upstream commit 9b8fcf685c5ca70a5067a621385bcdc8d9fd6469; therefore, I'm marking the bug as POST and I'll provide test builds soon.
Comment 6 Jakub Hrozek 2017-10-11 10:11:39 EDT
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/3505
Comment 7 Lukas Slebodnik 2017-10-13 04:34:52 EDT
sssd-1-13:
* 3542fe821765cad1f25f6c2a077b55fc1d7d0553
* 7f95edc43d9fc410aab5712552e17f28932ba344
* 07db882d99e2036be94dd305ba50587733b5f3a1
* 6b55915c3939da6e2474633d79783f838627a4b1
Comment 13 Martin Kosek 2017-11-30 06:33:03 EST
*** Bug 1489125 has been marked as a duplicate of this bug. ***
Comment 23 Jakub Hrozek 2018-02-14 11:58:02 EST
PR with the additional patches: https://github.com/SSSD/sssd/pull/514
Comment 24 Jakub Hrozek 2018-02-14 11:58:41 EST
I'm also switching the bug back to ASSIGNED to make it clear additional patches must be merged.
Comment 25 Lukas Slebodnik 2018-02-23 03:59:49 EST
sssd-1-13:
* 99afca8926fb211774de457e750dea27da8ac3a9
* 42dbd7ee691ffef8b136fc310128aadfd91fd70c
* f6afb6f9418735bcfd125eb2bb2ffeeb5cc07d99
Comment 28 anuja 2018-03-20 03:48:13 EDT
Verified using:

master :  (7.5)
----------------------------
sssd-1.16.0-19.el7.x86_64
ipa-server-4.5.4-10.el7.x86_64
pki-ca-10.5.1-9.el7.noarch
krb5-server-1.15.1-18.el7.x86_64

client :  (6.10)
----------------------------
ipa-client-3.0.0-51.el6.x86_64
ipa-python-3.0.0-51.el6.x86_64
sssd-1.13.3-60.el6.x86_64

[root@master ~]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust type: Active Directory domain
  UPN suffixes: upn14.in, tomupn14.in, upn2016.in, newad2016.test
----------------------------
Number of entries returned 1
----------------------------

[root@master ~]# id aduser10@tomupn14.in
uid=1577602635(aduser10@ipaad2016.test) gid=1577602635(aduser10@ipaad2016.test) groups=1577602635(aduser10@ipaad2016.test),1577600513(domain users@ipaad2016.test)

[root@client~]# ssh -l aduser10@tomupn14.in master.tomupn14.test
Password: 
Could not chdir to home directory /home/ipaad2016.test/aduser10: No such file or directory
-sh-4.2$ whoami 
aduser10@ipaad2016.test
-sh-4.2$ id
uid=1577602635(aduser10@ipaad2016.test) gid=1577602635(aduser10@ipaad2016.test) groups=1577602635(aduser10@ipaad2016.test),1577600513(domain users@ipaad2016.test) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@client ~]# kinit -E aduser10@tomupn14.in
Password for aduser10\@tomupn14.in@TOMUPN14.TEST: 
[root@client ~]# klist -l
Principal name                 Cache name
--------------                 ----------
aduser10\@tomupn14.in@IPAAD201 FILE:/tmp/krb5cc_0
Comment 35 errata-xmlrpc 2018-06-19 01:13:47 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1877
