#2196 sssd ad trusted sub domain do not inherit fallbacks and overrides settings
Closed: Fixed None Opened 6 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1053106

Description of problem:
When sssd is joined to an AD forest, the trusted domains' users will not have a
homedir path or shell.

RHEL7 sssd not setting IPA AD trusted user homedir
https://bugzilla.redhat.com/show_bug.cgi?id=1034920

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Join root forest domain
 realm join --user=Administrator sssdad.com

sssd.conf

[domain/sssdad.com]
ad_domain = sssdad.com
krb5_realm = SSSDAD.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
access_provider = ad

2. Forest has child and/or other tree trust.

# getent passwd Administrator@sssdad.com
administrator@sssdad.com:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash

# getent passwd Administrator@child1.sssdad.com
administrator@child1.sssdad.com:*:1184400500:1184400500:Administrator:/:

# getent passwd Administrator@sssdad_tree.com
administrator@sssdad_tree.com:*:525400500:525400500:Administrator:/:


Actual results:
homedir path is / and no shell is in getent.

Expected results:
The homedir and shell are inherited from the parent.

Additional info:

When global settings are used.

[nss]
default_shell = /bin/bash
fallback_homedir = /home/%d/%u

%u differs between the parent domain and the other two domains.

# getent passwd Administrator@sssdad.com
administrator@sssdad.com:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash

# getent passwd Administrator@child1.sssdad.com
administrator@child1.sssdad.com:*:1184400500:1184400500:Administrator:/home/child1.sssdad.com/administrator@child1.sssdad.com:/bin/bash

# getent passwd Administrator@sssdad_tree.com
administrator@sssdad_tree.com:*:525400500:525400500:Administrator:/home/sssdad_tree.com/administrator@sssdad_tree.com:/bin/bash
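
A check for the symptoms shown in the getent output above, as an added example that is not part of the original ticket or of SSSD. The helper name check_passwd_entry is hypothetical; it flags a homedir of / (or empty), an empty shell, and a homedir that embeds the fully qualified user name.

```shell
#!/bin/sh
# Added example (not SSSD code). check_passwd_entry is a hypothetical helper.
# Reads passwd(5)-format lines, as printed by getent passwd, on stdin and
# reports the symptoms described in this ticket. Exit status 1 if any found.
check_passwd_entry() {
    awk -F: '
    BEGIN { bad = 0 }
    NF != 7 {
        printf "%s: malformed entry (%d fields)\n", $1, NF
        bad = 1
        next
    }
    {
        name = $1; home = $6; shell = $7
        # Subdomain user without fallback_homedir applied
        if (home == "" || home == "/") {
            printf "%s: no usable homedir (%s)\n", name, home
            bad = 1
        }
        # Subdomain user without default_shell applied
        if (shell == "") {
            printf "%s: empty shell\n", name
            bad = 1
        }
        # %u expanded to the fully qualified name inside the path
        if (index(name, "@") > 0 && index(home, name) > 0) {
            printf "%s: homedir embeds fully qualified name (%s)\n", name, home
            bad = 1
        }
    }
    END { exit bad }
    '
}

# Sample input: two lines copied from the getent output in this ticket.
check_passwd_entry <<'EOF' || echo "one or more entries need attention"
administrator@sssdad.com:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash
administrator@child1.sssdad.com:*:1184400500:1184400500:Administrator:/:
EOF
```

On a joined host the same function can be fed directly, for example: getent passwd Administrator@child1.sssdad.com | check_passwd_entry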

Fields changed

design_review: => 0
owner: somebody => jhrozek
patch: 0 => 1
review: True => 0
status: new => assigned
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.4
resolution: => fixed
status: assigned => closed

Fields changed

changelog: => N/A just a bugfix

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.4

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3238

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
