#2713 GPO: pam system error returned in enforcing mode with no gpo applied
Closed: Duplicate None Opened 9 years ago by lslebodn.

It is related to dns sites. (as you can see in following part of log file)

[ad_gpo_get_som_attrs_done] (0x4000): gpoptions attr not found or has no value; defaults to 0
[ad_gpo_populate_gplink_list] (0x0400): som_dn: cn=Default-First-Site-Name,cn=Sites,CN=Configuration,DC=sssdad2012,DC=com
[ad_gpo_process_gpo_send] (0x0040): no gpos found
[sdap_id_op_done] (0x4000): releasing operation connection
[ad_gpo_process_gpo_done] (0x0040): Unable to get GPO list: [2](No such file or directory)
[ad_gpo_access_done] (0x0040): GPO-based access control failed.
[be_pam_handler_callback] (0x0100): Backend returned: (3, 4, No such file or directory) [Internal Error (System error)]
[be_pam_handler_callback] (0x0100): Sending result [4][sssdad2012.com]
[be_pam_handler_callback] (0x0100): Sent result [4][sssdad2012.com]

It is a blocker because we would like to enable gpo enforcing mode by default in fedora 22.


sssd domain log file with fulll debug level
sssd_sssdad2012.com.log

This isn't actually related to DNS sites. It's related to the internal LDAP representation of sites. GPO processing has to look for GPOs in the domain, OU and site for the machine.

It should be ignoring any of the three that has no GPO specified.

cc: => sgallagh

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.13.1

This is a duplicate of ticket #2691. They both stem from the fact that the GPO code wasn't properly handling the case where no GPO applied to the machine. Ticket #2691 is a super-set of this case (it also revealed that if a GPO used to be applied and then none are, there's another bug related to removal of the cache).

Both of these tickets are solved by the patch to #2691.

resolution: => duplicate
status: new => closed

Metadata Update from @lslebodn:
- Issue set to the milestone: SSSD 1.13.1

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3754

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Log in to comment on this ticket.

Metadata