Description of problem:
Request to implement this same feature of allowing logins to AD users which have UPN principals as described here (https://bugzilla.redhat.com/show_bug.cgi?id=1441077) for RHEL 6.9 IPA clients.

Version-Release number of selected component (if applicable):
sssd-1.13.3-57.el6_9.x86_64.rpm
We believe this was fixed with upstream commit 9b8fcf685c5ca70a5067a621385bcdc8d9fd6469; therefore, I'm marking the bug as POST and I'll provide test builds soon.
Upstream ticket: https://pagure.io/SSSD/sssd/issue/3505
sssd-1-13:
* 3542fe821765cad1f25f6c2a077b55fc1d7d0553
* 7f95edc43d9fc410aab5712552e17f28932ba344
* 07db882d99e2036be94dd305ba50587733b5f3a1
* 6b55915c3939da6e2474633d79783f838627a4b1
*** Bug 1489125 has been marked as a duplicate of this bug. ***
PR with the additional patches: https://github.com/SSSD/sssd/pull/514
I'm also switching the bug back to ASSIGNED to make it clear additional patches must be merged.
sssd-1-13:
* 99afca8926fb211774de457e750dea27da8ac3a9
* 42dbd7ee691ffef8b136fc310128aadfd91fd70c
* f6afb6f9418735bcfd125eb2bb2ffeeb5cc07d99
Verified using:

master : (7.5)
----------------------------
sssd-1.16.0-19.el7.x86_64
ipa-server-4.5.4-10.el7.x86_64
pki-ca-10.5.1-9.el7.noarch
krb5-server-1.15.1-18.el7.x86_64

client : (6.10)
----------------------------
ipa-client-3.0.0-51.el6.x86_64
ipa-python-3.0.0-51.el6.x86_64
sssd-1.13.3-60.el6.x86_64

[root@master ~]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust type: Active Directory domain
  UPN suffixes: upn14.in, tomupn14.in, upn2016.in, newad2016.test
----------------------------
Number of entries returned 1
----------------------------

[root@master ~]# id aduser10@tomupn14.in
uid=1577602635(aduser10@ipaad2016.test) gid=1577602635(aduser10@ipaad2016.test) groups=1577602635(aduser10@ipaad2016.test),1577600513(domain users@ipaad2016.test)

[root@client~]# ssh -l aduser10@tomupn14.in master.tomupn14.test
Password:
Could not chdir to home directory /home/ipaad2016.test/aduser10: No such file or directory
-sh-4.2$ whoami
aduser10@ipaad2016.test
-sh-4.2$ id
uid=1577602635(aduser10@ipaad2016.test) gid=1577602635(aduser10@ipaad2016.test) groups=1577602635(aduser10@ipaad2016.test),1577600513(domain users@ipaad2016.test) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[root@client ~]# kinit -E aduser10@tomupn14.in
Password for aduser10\@tomupn14.in@TOMUPN14.TEST:
[root@client ~]# klist -l
Principal name                 Cache name
--------------                 ----------
aduser10\@tomupn14.in@IPAAD201 FILE:/tmp/krb5cc_0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:1877