Bug 817964 - simple_allow_groups is not working
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Severity: medium
Assigned To: Stephen Gallagher
Reported: 2012-05-01 17:50 EDT by Orion Poplawski
Modified: 2012-05-01 18:37 EDT
Doc Type: Bug Fix
Last Closed: 2012-05-01 18:37:55 EDT
Type: Bug

Attachments:
sssd_default.log.gz (56.20 KB, application/x-gzip)
2012-05-01 17:50 EDT, Orion Poplawski

Description Orion Poplawski 2012-05-01 17:50:34 EDT
Created attachment 581482

Description of problem:

In my [domain/default] section I added:

access_provider = simple
simple_allow_groups = wheel

But I can still login with user "visitor":

visitor@saga's password: 
 15:19:54 up 12 days,  4:41,  3 users,  load average: 7.54, 7.84, 8.26
[visitor@saga ~]$ id
uid=1006(visitor) gid=1009(visitor) groups=1009(visitor) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Version-Release number of selected component (if applicable):

I see:

(Tue May  1 15:37:26 2012) [sssd[be[default]]] [sssm_simple_access_init] (9): Allow user list is empty.
(Tue May  1 15:37:26 2012) [sssd[be[default]]] [sssm_simple_access_init] (9): Deny user list is empty.
(Tue May  1 15:37:26 2012) [sssd[be[default]]] [sssm_simple_access_init] (9): Deny user list is empty.

but nothing for group list.
Comment 2 Orion Poplawski 2012-05-01 17:57:22 EDT
Never mind, while I had enabled sss in /etc/nsswitch.conf I had not run:

authconfig --enablesssauth --update
Comment 3 Orion Poplawski 2012-05-01 17:57:39 EDT
Sorry, authconfig --enablesssdauth --update
Comment 4 Stephen Gallagher 2012-05-01 18:37:55 EDT
Ok, sounds like this was just a misconfiguration.
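
Added example, not part of the bug report or of sssd: in this thread access_provider = simple was set in sssd.conf while PAM had not been switched to SSSD, so the group rule was never consulted. The shell check below flags that gap; the function names and sample files are constructed, and it assumes the access provider is applied through an account line for pam_sss.so.

```shell
#!/bin/sh
# Added example: does the PAM stack ever ask SSSD for an access decision?

# Print access_provider from the first [domain/...] section that sets it.
sssd_access_provider() {
    awk -F= '
        /^[ \t]*\[/ { in_dom = ($0 ~ /^[ \t]*\[domain\//) }
        in_dom && $1 ~ /^[ \t]*access_provider[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2; exit
        }' "$1"
}

# Succeed if the PAM file has an uncommented account line that calls pam_sss.so.
pam_account_uses_sss() {
    grep -Eq '^[[:space:]]*-?account[[:space:]].*pam_sss\.so' "$1"
}

# check_enforcement SSSD_CONF PAM_FILE...
# Prints one verdict per PAM file; returns 1 if any of them bypasses SSSD.
check_enforcement() {
    conf=$1; shift
    provider=$(sssd_access_provider "$conf")
    [ -n "$provider" ] || { echo "no access_provider set in $conf"; return 0; }
    rc=0
    for pam in "$@"; do
        if pam_account_uses_sss "$pam"; then
            echo "OK:  $pam applies access_provider=$provider"
        else
            echo "GAP: $pam has no account pam_sss.so; access_provider=$provider is ignored"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not taken from the reporter's system).
demo=$(mktemp -d)
printf '[domain/default]\naccess_provider = simple\nsimple_allow_groups = wheel\n' \
    > "$demo/sssd.conf"
printf 'auth sufficient pam_unix.so\naccount required pam_unix.so\n' \
    > "$demo/pam_before"
printf 'auth sufficient pam_sss.so\naccount required pam_unix.so\naccount [default=bad success=ok user_unknown=ignore] pam_sss.so\n' \
    > "$demo/pam_after"
check_enforcement "$demo/sssd.conf" "$demo/pam_before" "$demo/pam_after" || true
```

On a real host, pass the PAM files the login service actually includes; the check does not follow include lines itself.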
