#2060 Cached credentials aren't working with sssd-ad UPN logins
Closed: Fixed None Opened 11 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1001310

Description of problem:

Using SSSD AD and a UPN username login (i.e where the UPN name doesn't equal
the domain name) succeeds correctly when connected to the network. However the
user in unable to login when offline. Cached credentials aren't working.

Version-Release number of selected component (if applicable):
sssd-1.11.0-0.1.beta2.fc19.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1.Login whilst connected to the network
2.Logout
3.Disconnect network cable
4.Attempt to login when off the network

Actual results:
Unable to login off the network

Expected results:
Login succeeds off the network

Additional info:

I can't guarantee this is due to UPN logins, but I'm guessing due to presumably
cached credentials working for users on simpler domains. I have no way of
testing this.

My very un-sssd expert eyes seem to indicate that sssd is losing the username
(lots of name "(unknown)" appearing) somewhere in the process.

(Mon Aug 26 19:08:08 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is
valid, returning..
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400):
Initgroups for [colin@iongeo.lan] completed
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer
re-set for client [0x7f08383b83d0][20]ion
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer
re-set for client [0x7f08383b83d0][20]
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
command [17] with input [(unknown)].
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200):
name '(unknown)' matched without domain, user is (unknown)
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200):
using default domain [(null)]
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting
info for [(unknown)] from [<ALL>]
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/iongeo.lan/(unknown)]
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User
[(unknown)] does not exist in [iongeo.lan]! (negative cache)
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No
matching domain found for [(unknown)], fail!
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer
re-set for client [0x7f08383b83d0][20]
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer
re-set for client [0x7f08383b83d0][20]
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
command [17] with input [(unknown)].
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200):
name '(unknown)' matched without domain, user is (unknown)
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200):
using default domain [(null)]
(Mon Aug 26 19:08:08 2013) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting
info for [(unknown)] from [<ALL>]

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.11.1
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

owner: somebody => sbose

Fields changed

patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.1

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3102

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Log in to comment on this ticket.

Metadata