Learn more about these different git repos.
Other Git URLs
This is a clone for Bug 1170300.
Description of problem: This is a regression of bz1070924 Version-Release number of selected component (if applicable): ipa-server-4.1.0-10.el7.x86_64 How reproducible: Steps to Reproduce: 1. Setup trust with AD having a child domain 2. Disable child domain trust 3. ssh as user from child AD domain Actual results: [root@vm-idm-032 ~]# ssh -l "aduser1@pune.adtest.qe" $(hostname) "echo 'login successful'" aduser1@pune.adtest.qe@vm-idm-032.steeve0312.test's password: login successful [root@vm-idm-032 ~]# ipa trustdomain-disable adtest.qe pune.adtest.qe -------------------------------------- Disabled trust domain "pune.adtest.qe" -------------------------------------- [root@vm-idm-032 ~]# ipa trustdomain-find adtest.qe Domain name: adtest.qe Domain NetBIOS name: ADTEST Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879 Domain enabled: True Domain name: pune.adtest.qe Domain NetBIOS name: PUNE Domain Security Identifier: S-1-5-21-91314187-2404433721-1858927112 Domain enabled: False ---------------------------- Number of entries returned 2 ---------------------------- [root@vm-idm-032 ~]# ipa trust-show adtest.qe --all | grep S-1-5-21-91314187-2404433721-1858927112 SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-21-91314187-2404433721-1858927112, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18 [root@vm-idm-032 ~]# sleep 90 ; ssh -l "aduser1@pune.adtest.qe" $(hostname) "echo 'login successful'" aduser1@pune.adtest.qe@vm-idm-032.steeve0312.test's password: login successful [root@vm-idm-032 ~]# sleep 30 ; ssh -l "aduser1@pune.adtest.qe" $(hostname) "echo 'login successful'" aduser1@pune.adtest.qe@vm-idm-032.steeve0312.test's password: login successful Expected results: Access should be rejected for AD user from disabled domain Additional info:
This one should be fixed early - moving to 1.12.3.
milestone: NEEDS_TRIAGE => SSSD 1.12.3 priority: major => critical
Fields changed
patch: 0 => 1
master: 956dbef
resolution: => fixed status: new => closed
Metadata Update from @mkosek: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.12.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3577
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.