Description of problem: Found when following a test scenario: https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_realmd_join_sssd # realm join --user=Leela $TESTDOMAIN sssd was installed and I joing the domain, but sssd service was not running (because of selinux) # service sssd status Redirecting to /bin/systemctl status sssd.service sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled) Active: inactive (dead) CGroup: name=systemd:/system/sssd.service Oct 18 04:18:16 dhcp-25-148 systemd[1]: Stopped System Security Services Daemon. # getent passwd 'RADI08\Leela' # in permissive the sshd started properly: # getent passwd 'RADI08\Leela' RADI08\leela:*:535601116:535600513:Turanga Leela:/home/RADI08/leela:/bin/bash Another bunch of denial I got when leaving the domain: # realm leave --user=Leela $TESTDOMAIN Version-Release number of selected component (if applicable): sssd-1.9.2-1.fc18.i686 selinux-policy-3.11.1-36.fc18.noarch realmd-0.9-1.fc18.i686 How reproducible: always Steps to Reproduce: follow the test scenario https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_realmd_join_sssd as root Actual result: sssd didn't start, getent not providing any output
Created attachment 629246 [details] AVC denials gathered in permissive
realmd is starting sssd. More related AVCs here: bug #867767
*** This bug has been marked as a duplicate of bug 867767 ***