#2965 non-root: Cannot find users when second domain tree users are queried while joined to child domain
Closed: Invalid None Opened 8 years ago by lslebodn.

[root@dell-pe860-01 sssd]# realm list
child1.sssdad.com
  type: kerberos
  realm-name: CHILD1.SSSDAD.COM
  domain-name: child1.sssdad.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: %U@child1.sssdad.com
  login-policy: allow-realm-logins

[root@dell-pe860-01 sssd]# id administrator@sssdad_tree.com
id: administrator@sssdad_tree.com: no such user

And there is a bunch of errors with log debug level (0x00f0):

366:(Thu Feb 25 05:46:57 2016) [sssd[be[child1.sssdad.com]]] [be_process_init] (0x0020): No host info module provided for [child1.sssdad.com] !!
665:(Thu Feb 25 05:46:57 2016) [sssd[be[child1.sssdad.com]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
706:(Thu Feb 25 05:46:57 2016) [sssd[be[child1.sssdad.com]]] [be_ptask_enable] (0x0080): Task [AD machine account password renewal]: already enabled
824:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [sss_krb5_touch_config] (0x0020): Unable to change mtime of "/etc/krb5.conf" [13]: Permission denied
825:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [sss_write_krb5_conf_snippet] (0x0020): Unable to change last modification time of krb5.conf. Created mappings may not be loaded.
835:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [sss_krb5_touch_config] (0x0020): Unable to change mtime of "/etc/krb5.conf" [13]: Permission denied
836:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [sss_write_domain_mappings] (0x0020): Unable to change last modification time of krb5.conf. Created mappings may not be loaded.
1014:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1015:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1016:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1017:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1018:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1019:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1020:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1021:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [select_principal_from_keytab] (0x0080): No suitable principal found in keytab
1022:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [select_principal_from_keytab] (0x0010): Failed to read keytab [default]: No such file or directory
1023:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ad_set_sdap_options] (0x0040): Cannot set the SASL-related options
1024:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ad_subdom_ad_ctx_new] (0x0040): Cannot initialize AD options
1025:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ads_store_sdap_subdom] (0x0040): ad_subdom_ad_ctx_new failed.
1202:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1203:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1204:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1205:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1206:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1207:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1208:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1209:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [select_principal_from_keytab] (0x0080): No suitable principal found in keytab
1210:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [select_principal_from_keytab] (0x0010): Failed to read keytab [default]: No such file or directory
1211:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ad_set_sdap_options] (0x0040): Cannot set the SASL-related options
1212:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ad_subdom_ad_ctx_new] (0x0040): Cannot initialize AD options
1213:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ads_get_root_id_ctx] (0x0040): ad_subdom_ad_ctx_new failed.
1214:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ad_subdomains_get_root_domain_done] (0x0040): Cannot create id ctx for the root domain
1414:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1415:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1416:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1417:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1418:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1419:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1420:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
1421:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [select_principal_from_keytab] (0x0080): No suitable principal found in keytab
1422:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [select_principal_from_keytab] (0x0010): Failed to read keytab [default]: No such file or directory
1423:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ad_set_sdap_options] (0x0040): Cannot set the SASL-related options
1424:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ad_subdom_ad_ctx_new] (0x0040): Cannot initialize AD options
1425:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ads_get_root_id_ctx] (0x0040): ad_subdom_ad_ctx_new failed.
1426:(Thu Feb 25 05:46:58 2016) [sssd[be[child1.sssdad.com]]] [ad_subdomains_get_root_domain_done] (0x0040): Cannot create id ctx for the root domain
1495:(Thu Feb 25 05:47:00 2016) [sssd[be[child1.sssdad.com]]] [sdap_get_users_done] (0x0040): Failed to retrieve users [2][No such file or directory].
1521:(Thu Feb 25 05:47:00 2016) [sssd[be[child1.sssdad.com]]] [ad_get_dom_ldap_conn] (0x0020): No ID ctx available for [sssdad.com].
1724:(Thu Feb 25 05:47:01 2016) [sssd[be[child1.sssdad.com]]] [sdap_get_users_done] (0x0040): Failed to retrieve users [2][No such file or directory].
1793:(Thu Feb 25 05:47:05 2016) [sssd[be[child1.sssdad.com]]] [server_common_rotate_logs] (0x0010): Debug level changed to 0x0010

Fields changed

rhbz: => todo

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 backlog

I'm quite confident this was fixed as part of fixing #3199. Please reopen if you can still reproduce with recent code.

resolution: => worksforme
status: new => closed

Since the 1.14 branch is transitioning into maintenance mode and new functionality is being developed in master which will become 1.15 eventually, I'm mass-moving tickets from the 1.14 backlog milestone to the "Future releases" milestone.

milestone: SSSD 1.14 backlog => SSSD Future releases (no date set yet)

Metadata Update from @lslebodn:
- Issue set to the milestone: SSSD Future releases (no date set yet)

7 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/4006

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.
