Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1169739
Description of problem: This is a regression for bz1075663 and bz1073635 Version-Release number of selected component (if applicable): sssd-1.12.2-28.el7.x86_64 ipa-server-4.1.0-10.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Install IPA and add Trust with AD * https://bugzilla.redhat.com/show_bug.cgi?id=1075663 [root@ibm-x3620m3-01 ~]# ipa group-add-member gr1075663 --groups=gr1075663_ext Group name: gr1075663 Description: 0 GID: 1119800014 Member groups: gr1075663_ext ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# ipa group-add-member gr1075663_ext --users='' --groups='' --external="aduser1@${AD_top_domain}" Group name: gr1075663_ext Description: 0 External member: S-1-5-21-1910160501-511572375-3625658879-1313 Member of groups: gr1075663 ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service [root@ibm-x3620m3-01 ~]# id aduser1@${AD_top_domain} uid=1148401313(aduser1@adtest.qe) gid=1148401313(aduser1@adtest.qe) groups=1148 401313(aduser1@adtest.qe),1148402424(adunigroup1@adtest.qe),1148401449(adgroup1 @adtest.qe),1148402425(adgroup2@adtest.qe),1148400513(domain users@adtest.qe),1119800014(gr1075663),1119800008(adgrp) [root@ibm-x3620m3-01 ~]# ipa selinuxusermap-add-user selinux_1075663 --groups=gr1075663 Rule name: selinux_1075663 SELinux User: staff_u:s0-s0:c0.c1023 Host category: all Enabled: TRUE User Groups: gr1075663 ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# cat /home/${AD_top_domain}/aduser1/.k5login aduser1@adtest.qe aduser1@ADTEST.QE ADTEST\aduser1 adtest\aduser1 [root@ibm-x3620m3-01 ~]# kdestroy -A [root@ibm-x3620m3-01 ~]# echo ${AD_top_pswd}|kinit aduser1@${AD_TOP_REALM} Password for aduser1@ADTEST.QE: [root@ibm-x3620m3-01 ~]# ssh -K -l aduser1@${AD_top_domain} $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [root@ibm-x3620m3-01 ~]# ssh -K -l aduser1@${AD_TOP_REALM} $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [root@ibm-x3620m3-01 ~]# ssh -K -l "${AD_top_netbios}\\aduser1" $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [root@ibm-x3620m3-01 ~]# ssh -K -l "${AD_top_netbios,,}\\aduser1" $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 * https://bugzilla.redhat.com/show_bug.cgi?id=1073635 [root@ibm-x3620m3-01 ~]# ipa group-add-member gr1073635 --groups=gr1073635_ext Group name: gr1073635 Description: 0 GID: 1119800015 Member groups: gr1073635_ext ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# ipa group-add-member gr1073635_ext --users='' --groups='' \ > --external="aduser1@${AD_top_domain}" Group name: gr1073635_ext Description: 0 External member: S-1-5-21-1910160501-511572375-3625658879-1313 Member of groups: gr1073635 ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# ipa selinuxusermap-add-host selinux_1073635 --hosts=$MASTER Rule name: selinux_1073635 SELinux User: staff_u:s0-s0:c0.c1023 Enabled: TRUE User Groups: gr1073635 Hosts: ibm-x3620m3-01.steeve2011.test ------------------------- Number of members added 1 ------------------------- [root@ibm-x3620m3-01 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service [root@ibm-x3620m3-01 ~]# kdestroy -A [root@ibm-x3620m3-01 ~]# echo ${AD_top_pswd}|kinit aduser1@${AD_TOP_REALM} Password for aduser1@ADTEST.QE: [root@ibm-x3620m3-01 ~]# ssh -K -l aduser1@${AD_top_domain} $(hostname) 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 owner: somebody => lslebodn patch: 0 => 1 review: True => 0 selected: => status: new => assigned testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.12.3
resolution: => fixed status: assigned => closed
Metadata Update from @lslebodn: - Issue assigned to lslebodn - Issue set to the milestone: SSSD 1.12.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3554
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.