#2524 getent fails for posix group with AD users after login
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1171383

Description of problem:
After AD users login to ipa client, getent for that AD users group should show
the users as members of that group

Version-Release number of selected component (if applicable):
sssd-1.12.2-28.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install IPA
2. Add Trust with AD
3. Add AD users to a Posix group via an external group
4. Login as AD users on the ipa client
5. Check getent for the posix group

Actual results:
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:
:: [   LOG    ] :: ipa_trust_func_user_0017: ipa group shows ad users fully
qualified
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:

:: [  BEGIN   ] :: Running 'ssh_with_password aduser1@adtest.qe
vm-idm-044.stv1911.test Secret123'
:: [ 13:39:19 ] :: Running: ssh -l "aduser1@adtest.qe" vm-idm-044.stv1911.test
"echo 'login successful'
:: [ 13:39:24 ] :: ssh login successful
:: [   PASS   ] :: Command 'ssh_with_password aduser1@adtest.qe
vm-idm-044.stv1911.test Secret123' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ssh_with_password aduser2@adtest.qe
vm-idm-044.stv1911.test Secret123'
:: [ 13:39:25 ] :: Running: ssh -l "aduser2@adtest.qe" vm-idm-044.stv1911.test
"echo 'login successful'
:: [ 13:39:28 ] :: ssh login successful
:: [   PASS   ] :: Command 'ssh_with_password aduser2@adtest.qe
vm-idm-044.stv1911.test Secret123' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'sleep 10'
:: [   PASS   ] :: Command 'sleep 10' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent group tgroup5 >
ipa_trust_func_user_0017.vOqzFP 2>&1'
:: [   PASS   ] :: Command 'getent group tgroup5 >
ipa_trust_func_user_0017.vOqzFP 2>&1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'cat ipa_trust_func_user_0017.vOqzFP'
tgroup5:*:370800008:aduser2@adtest.qe
:: [   PASS   ] :: Command 'cat ipa_trust_func_user_0017.vOqzFP' (Expected 0,
got 0)
:: [   FAIL   ] :: File 'ipa_trust_func_user_0017.vOqzFP' should contain
'aduser1@adtest.qe'
:: [   PASS   ] :: File 'ipa_trust_func_user_0017.vOqzFP' should contain
'aduser2@adtest.qe'

Expected results:
getent for posix group should show both AD members

Additional info:

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
owner: somebody => lslebodn
priority: major => critical
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.3

Patches for #2529 fix this ticket as well,

master:
- ad46350
- 8f9d768

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.12.3

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3566

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata