Learn more about these different git repos.
Other Git URLs
sssd code includes hard coded values for AD DC os version:
https://git.fedorahosted.org/cgit/sssd.git/tree/src/providers/ldap/sdap.c
if (ret == EOK) { /* Validate that the DC level matches an expected value */ switch(dc_level) { case DS_BEHAVIOR_WIN2000: case DS_BEHAVIOR_WIN2003: case DS_BEHAVIOR_WIN2008: case DS_BEHAVIOR_WIN2008R2: case DS_BEHAVIOR_WIN2012: opts->dc_functional_level = dc_level; DEBUG(SSSDBG_CONF_SETTINGS, "Setting AD compatibility level to [%d]\n", opts->dc_functional_level); break; default: DEBUG(SSSDBG_MINOR_FAILURE, "Received invalid value for AD compatibility level. " "Continuing without AD performance enhancements\n"); } } else if (ret != ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, "Error detecting Active Directory compatibility level " "(%s). Continuing without AD performance enhancements\n", strerror(ret)); }
https://git.fedorahosted.org/cgit/sssd.git/tree/src/providers/ldap/sdap.h
/* Values from * http://msdn.microsoft.com/en-us/library/cc223272%28v=prot.13%29.aspx */ enum dc_functional_level { DS_BEHAVIOR_WIN2000 = 0, DS_BEHAVIOR_WIN2003 = 2, DS_BEHAVIOR_WIN2008 = 3, DS_BEHAVIOR_WIN2008R2 = 4, DS_BEHAVIOR_WIN2012 = 5 };
There is a new OS version avalable in: http://msdn.microsoft.com/en-us/library/cc223272%28v=prot.13%29.aspx 6 = DS_BEHAVIOR_WIN2012R2
This means sssd cant authenticate agains Win2012R2 server AD DC-s.
Thank you very much for the bug report. I'll test the behaviour locally and prepare a patch.
Updating the title to sound less "harsh", SSSD should just fall back to (slower) general LDAP interface instead of using AD optimization. It should not affect the authentication itself.
summary: sssd utility does not authenticate with AD DC os version Windows server 2012 R2 => sssd does not recognize Windows server 2012 R2's LDAP as AD
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1134940
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1134940 1134940]
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1134942
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1134940 1134940] => [https://bugzilla.redhat.com/show_bug.cgi?id=1134940 1134940], [https://bugzilla.redhat.com/show_bug.cgi?id=1134942 1134942]
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.11.7
owner: somebody => jhrozek patch: 0 => 1 status: new => assigned
_comment0: * master 5c2f202 0fafb51 9ea0969 * sssd-1-11: 7f59cc4 aaab5cd de4788b => 1409572385645414 resolution: => fixed status: assigned => closed
Metadata Update from @kristjanelias: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.11.7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3460
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.