Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1171383
Description of problem: After AD users login to ipa client, getent for that AD users group should show the users as members of that group Version-Release number of selected component (if applicable): sssd-1.12.2-28.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Install IPA 2. Add Trust with AD 3. Add AD users to a Posix group via an external group 4. Login as AD users on the ipa client 5. Check getent for the posix group Actual results: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: : :: [ LOG ] :: ipa_trust_func_user_0017: ipa group shows ad users fully qualified ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: : :: [ BEGIN ] :: Running 'ssh_with_password aduser1@adtest.qe vm-idm-044.stv1911.test Secret123' :: [ 13:39:19 ] :: Running: ssh -l "aduser1@adtest.qe" vm-idm-044.stv1911.test "echo 'login successful' :: [ 13:39:24 ] :: ssh login successful :: [ PASS ] :: Command 'ssh_with_password aduser1@adtest.qe vm-idm-044.stv1911.test Secret123' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ssh_with_password aduser2@adtest.qe vm-idm-044.stv1911.test Secret123' :: [ 13:39:25 ] :: Running: ssh -l "aduser2@adtest.qe" vm-idm-044.stv1911.test "echo 'login successful' :: [ 13:39:28 ] :: ssh login successful :: [ PASS ] :: Command 'ssh_with_password aduser2@adtest.qe vm-idm-044.stv1911.test Secret123' (Expected 0, got 0) :: [ BEGIN ] :: Running 'sleep 10' :: [ PASS ] :: Command 'sleep 10' (Expected 0, got 0) :: [ BEGIN ] :: Running 'getent group tgroup5 > ipa_trust_func_user_0017.vOqzFP 2>&1' :: [ PASS ] :: Command 'getent group tgroup5 > ipa_trust_func_user_0017.vOqzFP 2>&1' (Expected 0, got 0) :: [ BEGIN ] :: Running 'cat ipa_trust_func_user_0017.vOqzFP' tgroup5:*:370800008:aduser2@adtest.qe :: [ PASS ] :: Command 'cat ipa_trust_func_user_0017.vOqzFP' (Expected 0, got 0) :: [ FAIL ] :: File 'ipa_trust_func_user_0017.vOqzFP' should contain 'aduser1@adtest.qe' :: [ PASS ] :: File 'ipa_trust_func_user_0017.vOqzFP' should contain 'aduser2@adtest.qe' Expected results: getent for posix group should show both AD members Additional info:
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 owner: somebody => lslebodn priority: major => critical review: True => 0 selected: => testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.12.3
Patches for #2529 fix this ticket as well,
master: - ad46350 - 8f9d768
resolution: => fixed status: new => closed
Metadata Update from @jhrozek: - Issue assigned to lslebodn - Issue set to the milestone: SSSD 1.12.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3566
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.