#2400 sssd can't retrieve sudo rules when using the "default_domain_suffix" option
Closed: Fixed None Opened 6 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1127757

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:

In environment AD<->IDM Trust if the domains are set as below then sudo rule is
not fetched in "Host Group" is configured.

====================================================
[domain/linux.example.com]
ipa_domain = linux.example.com
.
.
[sssd]
default_domain_suffix = example.com
===================================================

Sssd tries to fetch host group information based on AD domain name due to which
lookup fails and sudo command does not fetch any information.  Logs are given
below.

-------------------------------------------------------------------------------
(Wed Aug  6 10:31:06 2014) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing
request for [0x432730:4:host-group@EXAMPLE.COM]
(Wed Aug  6 10:31:06 2014) [sssd[nss]] [sss_dp_get_account_msg] (0x0400):
Creating request for [EXAMPLE.COM][4100][1][name=ft-development]
(Wed Aug  6 10:31:06 2014) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x1ca3770
(Wed Aug  6 10:31:06 2014) [sssd[nss]] [sss_dp_internal_get_send] (0x0400):
Entering request [0x432730:4:host-group@EXAMPLE.COM]
(Wed Aug  6 10:31:06 2014) [sssd[nss]] [sbus_remove_timeout] (0x2000):
0x1ca3770
(Wed Aug  6 10:31:06 2014) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn:
1CA3C00
(Wed Aug  6 10:31:06 2014) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
(Wed Aug  6 10:31:06 2014) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply
from Data Provider - DP error code: 3 errno: 22 error message: User lookup
failed
(Wed Aug  6 10:31:06 2014) [sssd[nss]] [lookup_netgr_dp_callback] (0x0040):
Unable to get information from Data Provider Error: 3, 22, User lookup failed
Will try to return what we have in cache
-------------------------------------------------------------------------------


Version-Release number of selected component (if applicable):

sssd-1.9.2-129.el6_5.4.x86_64

How reproducible:

Always


Expected results:

Should check for host group based on ipa domain (linux.exmaple.com).

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => jhrozek
review: True => 0
selected: =>
status: new => assigned
testsupdated: => 0

Fields changed

patch: 0 => 1

milestone: NEEDS_TRIAGE => SSSD 1.11.7
resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.7

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3442

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata