Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1375552
Created attachment 1200475 sssd realm log Description of problem: Since a few days, it seems that the setting `krb5_map_user` on `/etc/sssd/sssd.conf` is not taking effect. I have this property set to `jpkroehling:jcosta`, so that my local user `jpkroehling` is translated to `jcosta` on a given Kerberos realm. It used to work, but now, I see the following on the logs: Sep 13 13:37:56 carambola [sssd[krb5_child[15539]]][15539]: Client 'jpkroehling@REDHAT.COM' not found in Kerberos database Version-Release number of selected component (if applicable): 1.14.1 , release 2.fc24 How reproducible: Always Steps to Reproduce: I basically followed the instructions on [1] to get an automatic kinit whenever I login. [1] https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-callin g-kinit-with-sssds-help/ Actual results: There's no valid Kerberos ticket, as it tries to get one for the user `jpkroehling`. Expected results: A Kerberos ticket would have been obtained for `jcosta`. Additional info: From IRC: <lslebodn> jpkroehling: Could you file a fedora BZ + provide log files with debug_level=9 <lslebodn> I assume that bug is caused by sysdb refactoring wich was done in 1.14 A possible workaround is to downgrade sssd: dnf downgrade sssd-krb5 sssd sssd-krb5-common python3-sssdconfig sssd-ad sssd-krb5-common sssd-ipa sssd-ldap sssd-proxy sssd-common-pac libipa_hbac sssd-common libsss_autofs libsss_idmap libsss_sudo sssd-client
Another regression caused by the FQDNs in sysdb..
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 owner: somebody => jhrozek review: True => 0 selected: => status: new => assigned testsupdated: => 0
Actually somebody can fix this. The problem is that the get_krb_primary compares a short name from the config with a qualified name from the provider. Since this feature works with only the primary domain, we can probably qualify all the names when loading them.
get_krb_primary
owner: jhrozek => somebody status: assigned => new
Fields changed
owner: somebody => pcech status: new => assigned
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.14.2
master:
resolution: => fixed status: assigned => closed version: => 1.14.0
Metadata Update from @jhrozek: - Issue assigned to pcech - Issue set to the milestone: SSSD 1.14.2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4221
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.