#2407 simple_allow_groups does not lookup groups from other AD domains
Closed: Fixed. Opened 4 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1125187

Description of problem:
simple_allow_groups does not lookup groups from other AD domains

Version-Release number of selected component (if applicable):
sssd-1.11.6-12.el6

How reproducible:
Always

Steps to Reproduce:
1. sssd configured for ad provider. primary domain=sssdad.com
[domain/sssdad.com]
id_provider = ad
debug_level = 0xFFF0
use_fully_qualified_names = True
access_provider = simple
simple_allow_groups=group1_dom3@child1.sssdad.com

2. Lookup the child domain group
# getent group group1_dom3@child1.sssdad.com
group1_dom3@child1.sssdad.com:*:1184401714:user1_dom3@child1.sssdad.com

3. # ssh -l user1_dom3@child1.sssdad.com localhost
user1_dom3@child1.sssdad.com@localhost's password:
Connection closed by ::1

Actual results:
Access is denied

Domain log shows:
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]] [simple_check_get_groups_primary] (0x0040): Could not look up primary group [1184401711]: [2][No such file or directory]
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]] [simple_check_get_groups_send] (0x0400): All groups had name attribute
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]] [simple_access_check_done] (0x2000): Group check done
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]] [simple_access_check_recv] (0x1000): Access not granted

Expected results:
Access should be permitted

Additional info:
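
Added example, not part of the original ticket and not SSSD code: a small triage script that scans an SSSD domain log for the pattern shown above, a simple access provider denial that follows a failed group lookup, so such denials can be told apart from genuine policy denials. The function names are hypothetical, and the matched message strings are assumed to be worded as in this ticket's log.

```python
import re

# Constructed sample: the four records from the ticket's domain log, wrapped as pasted.
SAMPLE_LOG = """\
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]]
[simple_check_get_groups_primary] (0x0040): Could not look up primary group
[1184401711]: [2][No such file or directory]
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]]
[simple_check_get_groups_send] (0x0400): All groups had name attribute
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]] [simple_access_check_done]
(0x2000): Group check done
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]] [simple_access_check_recv]
(0x1000): Access not granted
"""

# A record starts with "(Www Mmm dd hh:mm:ss yyyy) "; anything else is a wrapped tail.
RECORD_START = re.compile(r"^\([A-Z][a-z]{2} [A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \d{4}\) ")
RECORD = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)

def unwrap(text):
    """Join wrapped continuation lines back into one string per log record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def find_lookup_denials(text):
    """Return denials preceded by a failed group lookup in the same backend."""
    pending = {}   # backend domain -> group ids that failed to resolve
    findings = []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        domain, func, msg = m["domain"], m["func"], m["msg"]
        if func.startswith("simple_check_get_groups") and "Could not look up" in msg:
            gid = re.search(r"\[(\d+)\]", msg)
            pending.setdefault(domain, []).append(gid.group(1) if gid else None)
        elif func == "simple_access_check_recv":
            failed = pending.pop(domain, [])  # the access check has finished
            if "Access not granted" in msg and failed:
                findings.append({"time": m["ts"], "domain": domain,
                                 "unresolved_gids": failed})
    return findings
```

The backend only writes these messages at a debug_level that includes the relevant levels, such as the 0xFFF0 used in the reproducer.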

Fields changed

owner: somebody => preichl
review: True => 0

As agreed on the Aug-14 meeting, moving to the 1.11.6 milestone

milestone: NEEDS_TRIAGE => SSSD 1.11.7

Fields changed

owner: preichl => lslebodn

Fields changed

status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.11.7
