2095086 – ipa authentication fails after upgrade to 2.7.1

Bug 2095086 - ipa authentication fails after upgrade to 2.7.1

Summary: ipa authentication fails after upgrade to 2.7.1

Keywords:
Status:	CLOSED DUPLICATE of bug 2094685
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	sssd
Sub Component:
Version:	36
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	sssd-maintainers
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2095162 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-06-09 01:23 UTC by Dennis Gilmore
Modified:	2022-06-09 11:46 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-06-09 05:16:26 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dennis Gilmore 2022-06-09 01:23:04 UTC

Description of problem:
after upgrade of sssd from 2.7.0-1.fc36 to 2.7.1-1.fc36 I was unable to successfully authenticate. downgrading allowed authentication to work again

Version-Release number of selected component (if applicable):
sssd-2.7.1-1.fc36

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
Jun 08 20:11:11 adria.ausil.us systemd[1]: Started sssd.service - System Security Services Daemon.
Jun 08 20:11:14 adria.ausil.us sssd_be[665011]: GSSAPI client step 1
Jun 08 20:11:14 adria.ausil.us sssd_be[665011]: GSSAPI client step 1
Jun 08 20:11:14 adria.ausil.us sssd_be[665011]: GSSAPI client step 1
Jun 08 20:11:14 adria.ausil.us sssd_be[665011]: GSSAPI client step 2
Jun 08 20:11:35 adria.ausil.us krb5_child[665561]: Unknown code UUz 100
Jun 08 20:12:28 adria.ausil.us krb5_child[665845]: Unknown code UUz 100
Jun 08 20:12:50 adria.ausil.us krb5_child[665987]: Unknown code UUz 100


Expected results:


Additional info:

Comment 1 Dennis Gilmore 2022-06-09 01:25:20 UTC

looks like someone experienced the same issue on debian also https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1857082.html

Comment 2 Dennis Gilmore 2022-06-09 01:32:33 UTC

the workaround listed in https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/MTDW3B2MVNLWZJSLG4JWEKIWDPMOM6QU/ works. we need a packaged fix ASAP

Comment 3 Sumit Bose 2022-06-09 05:16:26 UTC


*** This bug has been marked as a duplicate of bug 2094685 ***

Comment 4 Sumit Bose 2022-06-09 05:20:33 UTC

As a work-around set

    pac_check = check_upn, check_upn_dns_info_ex

in the [pac] section of sssd.conf.

Comment 5 Rob Crittenden 2022-06-09 11:46:42 UTC

*** Bug 2095162 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.