Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1404697
Description of problem: If the groupPolicyContainer created by some tool (for example the https://www.quest.com/products/password-manager/) does not conatin gpcFunctionalityVersion attribute and sssd stumbles upon such container, it stops the processing and just quit with the default decision (wich is usually deny). To avoid this problem, the SSSD should skip any GPO that does not contain the gpcFunctionalityVersion because this is the behavior specified by the MS-GPOL, see 3.2.5.1.6: ----- 3.2.5.1.6 GPO Filter Evaluation In this step, the client MUST process the GPO as follows: 1. Check for the functionality version of the GPO. If the gPCFunctionalityVersion field of the Group Policy Object Search message (as defined in [MS-ADA1] section 2.278) is not set to 2, the GPO MUST NOT be included in the rest of the protocol sequence. The GPO MUST be considered denied. ----- given that the GPO itself does not have access control rules, you filter it out. Version-Release number of selected component (if applicable): sssd-1.14.0-43.el7.x86_64 Steps to Reproduce: 1. create GPO with https://www.quest.com/products/password-manager/ 2. try to log in with such user Actual results: login fails Expected results: should log in
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1404725 (Red Hat Enterprise Linux 7)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1404697 1404697] => [https://bugzilla.redhat.com/show_bug.cgi?id=1404697 1404697], [https://bugzilla.redhat.com/show_bug.cgi?id=1404725 1404725]
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 owner: somebody => mzidek patch: => 0 review: True => 0 selected: => testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.13.5
patch: 0 => 1
master:
sssd-1-14:
sssd-1-13:
resolution: => fixed status: new => closed version: => 1.13.4
Metadata Update from @jhrozek: - Issue assigned to mzidek - Issue set to the milestone: SSSD 1.13.5
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4302
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.