Bug 1891505 - ipa-healthcheck returns msg": "{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}"
Summary: ipa-healthcheck returns msg": "{sssctl} {key} reports mismatch: sssd domains ...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa-healthcheck
Version: 8.2
Hardware: x86_64
OS: Linux
Target Milestone: rc
: 8.0
Assignee: Rob Crittenden
QA Contact: ipa-qe
Depends On:
TreeView+ depends on / blocked
Reported: 2020-10-26 13:40 UTC by Akshay Sakure
Modified: 2021-05-18 15:48 UTC (History)
8 users (show)

Fixed In Version: ipa-healthcheck-0.7-2.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-05-18 15:48:22 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

Description Akshay Sakure 2020-10-26 13:40:08 UTC
- Description of problem:
'ipa-healthcheck --failures-only' returns msg": "{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}"

- Version-Release number of selected component (if applicable):

- How reproducible:

- Steps to Reproduce:
1. Setup IPA-AD trust.
2. Run 'ipa-healthcheck --failures-only' on IPA node.
3. And check for errors.

Actual results:
ipa-healthcheck --failures-only shows an error for SSSD config though configuration is fine:
# ipa-healthcheck --failures-only | less
    "source": "ipahealthcheck.ipa.trust",
    "check": "IPATrustDomainsCheck",
    "result": "ERROR",
    "uuid": "c3bb87ca-b025-466d-af13-9880b28d1384",
    "when": "20200901205038Z",
    "duration": "0.199490",
    "kw": {
      "key": "domain-list",
      "sssctl": "/usr/sbin/sssctl",
      "sssd_domains": "ipadomain.com", 
      "trust_domains": "",   <----- Empty value
      "msg": "{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}"  <------ 
"{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}"

- Expected results:
ipa-healthcheck --failures-only should show correct information.

- Additional info:
This is a bug as it considers trusted domains only those domains that have trust type ‘Active Directory Domain’.

Comment 1 Rob Crittenden 2020-10-26 13:59:52 UTC
What is the output of sssctl domain-list and ipa trust-find?

Comment 8 Rob Crittenden 2020-10-30 13:56:14 UTC
Upstream PR https://github.com/freeipa/freeipa-healthcheck/pull/156

Comment 24 Mike Murphy 2021-04-20 19:09:53 UTC
Checking in to see what projected version and if there is a fix being applied currently. Thanks.

Comment 26 errata-xmlrpc 2021-05-18 15:48:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.