#2334 Simple access fails to look up primary group when using sssd-ad until running the id command.
Closed: Fixed None Opened 8 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1092766

Description of problem:
When attempting to login in the morning (most likely empty cache) access is
denied by the simple access provider until logging in as root and running "id
username" on the user. After this access is allowed. This is occurring on all 4
servers. SSSD is configured using sssd-ad and access is restricted using simple
access with the user's primary group listed for simple access.

This looks like a degradation of bug 670763 or something similar that wasn't
fixed for sssd-ad

Version-Release number of selected component (if applicable):
sssd-1.9.2-129.el6_5.4.x86_64

How reproducible:
I had the customer use the following:
https://access.redhat.com/site/articles/704743

Steps to Reproduce:
1.
2.
3.

Actual results:
required to run "id username" before simple access succeeds

Expected results:
access is allowed everytime

Additional info:
The sssd.conf configuration

[domain/default]
id_provider = ad
ldap_id_mapping = False
ldap_schema = ad
access_provider = simple
simple_allow_groups = primarygroup
ad_server = adserver.domain
ad_domain = DOMAIN
debug_level = 9


[sssd]
services = nss, pam
config_file_version = 2
debug_level = 9
domains = default

[nss]
debug_level = 9
[pam]
debug_level = 9

[sudo]
debug_level = 9

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.11.6
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

owner: somebody => preichl

Fields changed

patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to preichl
- Issue set to the milestone: SSSD 1.11.6

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3376

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata