#2196 sssd ad trusted sub domain do not inherit fallbacks and overrides settings
Closed: Fixed. Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1053106

Description of problem:
When sssd is joined to an AD forest, the trusted domains' users will not have a
homedir path or shell.

RHEL7 sssd not setting IPA AD trusted user homedir
https://bugzilla.redhat.com/show_bug.cgi?id=1034920

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Join root forest domain
 realm join --user=Administrator sssdad.com

sssd.conf

[domain/sssdad.com]
ad_domain = sssdad.com
krb5_realm = SSSDAD.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
access_provider = ad

2. Forest has child and/or other tree trust.

# getent passwd Administrator@sssdad.com
administrator@sssdad.com:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash

# getent passwd Administrator@child1.sssdad.com
administrator@child1.sssdad.com:*:1184400500:1184400500:Administrator:/:

# getent passwd Administrator@sssdad_tree.com
administrator@sssdad_tree.com:*:525400500:525400500:Administrator:/:


Actual results:
homedir path is / and no shell is in getent.

Expected results:
the homedir and shell are inherited from the parent

Additional info:

When global settings are used.

[nss]
default_shell = /bin/bash
fallback_homedir = /home/%d/%u

%u differs between the parent domain and the other two domains.

# getent passwd Administrator@sssdad.com
administrator@sssdad.com:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash

# getent passwd Administrator@child1.sssdad.com
administrator@child1.sssdad.com:*:1184400500:1184400500:Administrator:/home/child1.sssdad.com/administrator@child1.sssdad.com:/bin/bash

# getent passwd Administrator@sssdad_tree.com
administrator@sssdad_tree.com:*:525400500:525400500:Administrator:/home/sssdad_tree.com/administrator@sssdad_tree.com:/bin/bash
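
A check for the symptoms reported above, as an added example that is not part of the ticket or of SSSD: it reads passwd-format lines and flags entries with a "/" home directory, an empty shell, or a fully qualified name expanded into the home path. The function names and the status labels (NO_HOMEDIR, NO_SHELL, FQ_NAME_IN_HOMEDIR) are assumptions made for this example; the sample lines are the getent output from this ticket.

```shell
#!/bin/sh
# Added example, not SSSD code. Reads passwd(5)-format lines on stdin
# (as printed by `getent passwd user@domain`) and prints one line per
# entry: the login name followed by OK or the symptoms from this ticket.
check_passwd_entries() {
    awk -F: '
    NF != 7 { print $1 " MALFORMED"; next }
    {
        issues = ""
        # Symptom 1: no fallback_homedir applied, home directory is "/".
        if ($6 == "" || $6 == "/") issues = issues " NO_HOMEDIR"
        # Symptom 2: no default_shell applied, shell field is empty.
        if ($7 == "")              issues = issues " NO_SHELL"
        # Symptom 3: %u expanded to the fully qualified name.
        if (index($6, "@") > 0)    issues = issues " FQ_NAME_IN_HOMEDIR"
        if (issues == "") issues = " OK"
        print $1 issues
    }'
}

# getent output copied from the ticket: settings in [domain/sssdad.com].
sample_domain_section() {
    cat <<'EOF'
administrator@sssdad.com:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash
administrator@child1.sssdad.com:*:1184400500:1184400500:Administrator:/:
administrator@sssdad_tree.com:*:525400500:525400500:Administrator:/:
EOF
}

# getent output copied from the ticket: settings moved to [nss].
sample_nss_section() {
    cat <<'EOF'
administrator@sssdad.com:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash
administrator@child1.sssdad.com:*:1184400500:1184400500:Administrator:/home/child1.sssdad.com/administrator@child1.sssdad.com:/bin/bash
administrator@sssdad_tree.com:*:525400500:525400500:Administrator:/home/sssdad_tree.com/administrator@sssdad_tree.com:/bin/bash
EOF
}

# With arguments, check live accounts; without, replay the ticket output.
if [ "$#" -gt 0 ]; then
    for u in "$@"; do getent passwd "$u"; done | check_passwd_entries
else
    sample_domain_section | check_passwd_entries
    sample_nss_section | check_passwd_entries
fi
```

Run with one or more user@domain arguments after upgrading to confirm that accounts from every trusted domain report OK.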

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => jhrozek
patch: 0 => 1
review: True => 0
selected: =>
status: new => assigned
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.4
resolution: => fixed
status: assigned => closed

Fields changed

changelog: => N/A just a bugfix

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.4

2 years ago
