Bug 988360 - sssd doesn't show users from newly added Active Directory domain, when multiple trusts are created
sssd doesn't show users from newly added Active Directory domain, when multip...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: sssd (Show other bugs)
19
x86_64 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Jakub Hrozek
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-25 07:58 EDT by Niranjan Mallapadi Raghavender
Modified: 2013-10-23 11:46 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-23 11:46:41 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sssd logs with debug level 10 (35.01 KB, application/x-gzip)
2013-07-25 07:58 EDT, Niranjan Mallapadi Raghavender
no flags Details

  None (edit)
Description Niranjan Mallapadi Raghavender 2013-07-25 07:58:34 EDT
Created attachment 778238 [details]
sssd logs with debug level 10

Description of problem:
sssd doesn't show users from newly added Active Directory domain, when multiple trusts are created

Version-Release number of selected component (if applicable):
sssd-1.11.0-0.1.beta2.fc19.x86_64
sssd-krb5-common-1.11.0-0.1.beta2.fc19.x86_64
sssd-ldap-1.11.0-0.1.beta2.fc19.x86_64
sssd-client-1.11.0-0.1.beta2.fc19.x86_64
sssd-ipa-1.11.0-0.1.beta2.fc19.x86_64
sssd-common-1.11.0-0.1.beta2.fc19.x86_64
sssd-ad-1.11.0-0.1.beta2.fc19.x86_64
sssd-proxy-1.11.0-0.1.beta2.fc19.x86_64
sssd-krb5-1.11.0-0.1.beta2.fc19.x86_64
freeipa-python-3.3.0-0.2.beta1.fc19.x86_64
freeipa-server-trust-ad-3.3.0-0.2.beta1.fc19.x86_64
libipa_hbac-1.11.0-0.1.beta2.fc19.x86_64
sssd-ipa-1.11.0-0.1.beta2.fc19.x86_64
freeipa-admintools-3.3.0-0.2.beta1.fc19.x86_64
freeipa-server-3.3.0-0.2.beta1.fc19.x86_64
libipa_hbac-python-1.11.0-0.1.beta2.fc19.x86_64
iniparser-3.1-2.fc19.x86_64
python-iniparse-0.4-7.fc19.noarch
freeipa-client-3.3.0-0.2.beta1.fc19.x86_64

How reproducible:

Have 2 AD Domains: (with posix Attributes)

win2.ceres.site
win1.philip.site

1. Configure freeipa server on F-19 
2. Create ipa trust with win2.ceres.site

[root@master1 sssd]# ipa trust-show
Realm name: win2.ceres.site 
  Realm name: win2.ceres.site
  Domain NetBIOS name: WIN2
  Domain Security Identifier: S-1-5-21-3788982561-4130956705-2391027395
  Trust direction: Two-way trust
  Trust type: Active Directory domain

3. Create ipa trust with win1.philip.site
[root@master1 sssd]# ipa trust-show
Realm name: win1.philip.site
  Realm name: win1.philip.site
  Domain NetBIOS name: WIN1
  Domain Security Identifier: S-1-5-21-1931677605-3808565714-2911731196
  Trust direction: Two-way trust
  Trust type: Active Directory domain

4. Create AD user testaduser1 in win2.ceres.site and apply posix attributes. 

5. from ipa server, getent passwd testaduser1@win2.ceres.site returns 

[root@master1 sssd]# getent passwd testaduser1@win2.ceres.site
testaduser1@win2.ceres.site:*:1343201107:1343201107:testad user1:/home/testaduser1:/bin/sh

6. Create AD user philip_testaduser1 in win1.philip.site and on ipa server getent passwd philip_testaduser1@win1.philip.site doesn't return user info
 

Actual results:

sssd doesn't return users from 2nd AD (win1.philip.site)

Expected results:
sssd should also return user's from 2nd AD also. 

Additional info:
2nd AD win1.philip.site is not in the same timezone as IPA.


Attaching sssd logs
Comment 1 Jakub Hrozek 2013-07-25 15:10:13 EDT
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2033
Comment 2 Jakub Hrozek 2013-10-23 11:46:41 EDT
Hi,

during triaging of this bug I found out that the problem was already fixed in 1.11.1. I will close this bugzilla as CURRENTRELEASE as we 1.11.1 in Fedora for some time.

Thank you for reporting the bug. Kindly reopen if you still see problems with multiple trusts.

Note You need to log in before you can comment on or make changes to this bug.