#2524 getent fails for posix group with AD users after login
Closed: Fixed None Opened 4 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1171383

Description of problem:
After AD users log in to the IPA client, getent for the AD users' group should
show the users as members of that group

Version-Release number of selected component (if applicable):
sssd-1.12.2-28.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install IPA
2. Add Trust with AD
3. Add AD users to a Posix group via an external group
4. Log in as AD users on the ipa client
5. Check getent for the posix group

Actual results:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_trust_func_user_0017: ipa group shows ad users fully qualified
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [  BEGIN   ] :: Running 'ssh_with_password aduser1@adtest.qe vm-idm-044.stv1911.test Secret123'
:: [ 13:39:19 ] :: Running: ssh -l "aduser1@adtest.qe" vm-idm-044.stv1911.test "echo 'login successful'
:: [ 13:39:24 ] :: ssh login successful
:: [   PASS   ] :: Command 'ssh_with_password aduser1@adtest.qe vm-idm-044.stv1911.test Secret123' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ssh_with_password aduser2@adtest.qe vm-idm-044.stv1911.test Secret123'
:: [ 13:39:25 ] :: Running: ssh -l "aduser2@adtest.qe" vm-idm-044.stv1911.test "echo 'login successful'
:: [ 13:39:28 ] :: ssh login successful
:: [   PASS   ] :: Command 'ssh_with_password aduser2@adtest.qe vm-idm-044.stv1911.test Secret123' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'sleep 10'
:: [   PASS   ] :: Command 'sleep 10' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent group tgroup5 > ipa_trust_func_user_0017.vOqzFP 2>&1'
:: [   PASS   ] :: Command 'getent group tgroup5 > ipa_trust_func_user_0017.vOqzFP 2>&1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'cat ipa_trust_func_user_0017.vOqzFP'
tgroup5:*:370800008:aduser2@adtest.qe
:: [   PASS   ] :: Command 'cat ipa_trust_func_user_0017.vOqzFP' (Expected 0, got 0)
:: [   FAIL   ] :: File 'ipa_trust_func_user_0017.vOqzFP' should contain 'aduser1@adtest.qe'
:: [   PASS   ] :: File 'ipa_trust_func_user_0017.vOqzFP' should contain 'aduser2@adtest.qe'

Expected results:
getent for posix group should show both AD members

Additional info:
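
The check from step 5, as an added example that is not part of the ticket or the SSSD test suite: it parses one `getent group` line and lists the expected members that are absent, comparing whole names rather than substrings. The function name `missing_members` is hypothetical; the sample line is the one from the log above.

```sh
#!/bin/sh
# Added example, not code from the ticket or from SSSD.
# missing_members GROUP_LINE EXPECTED_MEMBER...
#   GROUP_LINE is one line in group(5) format: name:passwd:gid:member1,member2
#   Prints every expected member that is not in the member list, one per line.
#   Exit status: 0 = all present, 1 = at least one missing, 2 = malformed line.
# The body runs in a subshell, so variables stay local and exit acts as return.
missing_members() (
    line=$1; shift
    case $line in
        *:*:*:*:*) exit 2 ;;    # more than four fields
        *:*:*:*)   ;;           # exactly four fields
        *)         exit 2 ;;    # fewer than four fields
    esac
    name=${line%%:*}
    rest=${line#*:}             # passwd:gid:members
    rest=${rest#*:}             # gid:members
    gid=${rest%%:*}
    members=${rest#*:}          # may be empty when the group has no members
    [ -n "$name" ] || exit 2
    case $gid in ''|*[!0-9]*) exit 2 ;; esac
    rc=0
    for want in "$@"; do
        # Wrap both sides in commas so only a complete member name matches.
        case ",$members," in
            *",$want,"*) ;;
            *) printf '%s\n' "$want"; rc=1 ;;
        esac
    done
    exit $rc
)

# Sample input: the group line shown in the log of this ticket.
SAMPLE_LINE='tgroup5:*:370800008:aduser2@adtest.qe'
if missing=$(missing_members "$SAMPLE_LINE" aduser1@adtest.qe aduser2@adtest.qe); then
    echo "all expected members present"
else
    echo "missing from group: $missing"
fi
```

On a client, pass "$(getent group tgroup5)" as the first argument instead of the sample line.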

Fields changed

design_review: => 0
mark: no => 0
owner: somebody => lslebodn
priority: major => critical
review: True => 0
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.3

Patches for #2529 fix this ticket as well,

master:
- ad46350
- 8f9d768

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.12.3

2 years ago
