Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1213940
Description of problem: Override for trusted AD users with --login causes failure for group membership resolution prioir login Version-Release number of selected component (if applicable): [root@vm-idm-018 ~]# rpm -q sssd ipa-client sssd-1.12.4-31.el6.x86_64 ipa-client-3.0.0-46.el6.x86_64 How reproducible: always Steps to Reproduce: * On Server no override for aduser1@pune.adtest.qe [root@sideswipe ~]# ipa idoverrideuser-find 'default trust view' aduser1@pune.adtest.qe --------------------------- 0 User ID overrides matched --------------------------- ---------------------------- Number of entries returned 0 ---------------------------- [root@sideswipe ~]# service sssd stop ; rm -f /var/lib/sss/{db,mc}/* ; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service * On Client group resolve prior to login works [root@vm-idm-018 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Stopping sssd: [ OK ] Starting sssd: [ OK ] [root@vm-idm-018 ~]# id aduser1@pune.adtest.qe uid=839001130(aduser1@pune.adtest.qe) gid=839001130(aduser1@pune.adtest.qe) gro ups=839001130(aduser1@pune.adtest.qe),1148402424(adunigroup1@adtest.qe),8390011 72(adgroup2@pune.adtest.qe),839001120(adgroup1@pune.adtest.qe),839000513(domain users@pune.adtest.qe) * On Server override added for aduser1@pune.adtest.qe with login name puser1 [root@sideswipe ~]# ipa idoverrideuser-add 'default trust view' aduser1@pune.adtest.qe --login puser1 ----------------------------------------------- Added User ID override "aduser1@pune.adtest.qe" ----------------------------------------------- Anchor to override: aduser1@pune.adtest.qe User login: puser1 [root@sideswipe ~]# service sssd stop ; rm -f /var/lib/sss/{db,mc}/* ; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service * On Client group resolve fails prior to login. Group membership are resolved after user does login [root@vm-idm-018 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Stopping sssd: [ OK ] Starting sssd: [ OK ] [root@vm-idm-018 ~]# id aduser1@pune.adtest.qe uid=839001130(puser1@pune.adtest.qe) gid=839001130(puser1@pune.adtest.qe) groups=839001130(puser1@pune.adtest.qe),839000513(domain users@pune.adtest.qe) * Restart sssd on both server and client [root@vm-idm-018 ~]# id puser1@pune.adtest.qe id: puser1@pune.adtest.qe: No such user # bz1213822 [root@vm-idm-018 ~]# id puser1@pune.adtest.qe uid=839001130(puser1@pune.adtest.qe) gid=839001130(puser1@pune.adtest.qe) groups=839001130(puser1@pune.adtest.qe),839000513(domain users@pune.adtest.qe) * Login as puser1 and then run id [root@vm-idm-018 ~]# ssh -l puser1@pune.adtest.qe `hostname` echo 'login successful' puser1@pune.adtest.qe@vm-idm-018.ipaviews.test's password: login successful [root@vm-idm-018 ~]# id puser1@pune.adtest.qe uid=839001130(puser1@pune.adtest.qe) gid=839001130(puser1@pune.adtest.qe) groups=839001130(puser1@pune.adtest.qe),839000513(domain users@pune.adtest.qe), 839001120(adgroup1@pune.adtest.qe),1148402424(adunigroup1@adtest.qe),839001172( adgroup2@pune.adtest.qe)
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1214718 (Red Hat Enterprise Linux 7)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1213940 1213940] => [https://bugzilla.redhat.com/show_bug.cgi?id=1213940 1213940], [https://bugzilla.redhat.com/show_bug.cgi?id=1214718 1214718]
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 patch: 0 => 1 review: True => 0 selected: => testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.12.5
resolution: => fixed status: new => closed
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.12.5
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3673
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.