Learn more about these different git repos.
Other Git URLs
krb5 srv discovery dosn't work when using auth_provider=krb5 and id_provider=proxy. If I don't specify a krb5_server, sssd complains about:
(Tue Dec 1 18:34:54 2015) [sssd[be[WU]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral (Tue Dec 1 18:34:54 2015) [sssd[be[WU]]] [resolve_srv_send] (0x0040): No SRV lookup plugin is set (Tue Dec 1 18:34:54 2015) [sssd[be[WU]]] [be_resolve_server_done] (0x1000): Server resolution failed: 14 (Tue Dec 1 18:34:54 2015) [sssd[be[WU]]] [be_mark_offline] (0x2000): Going offline!
Config and log are attached.
attachment sssd.log
attachment sssd.conf
I haven't done any tests myself, but after reading the code, it looks like we should call be_fo_set_dns_srv_lookup_plugin() also in krb5 provider initialization.
be_fo_set_dns_srv_lookup_plugin()
btw how to set up a similar sssd.conf can be read here: https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-calling-kinit-with-sssds-help/
I think Petr could fix this easily in 1.14 :-)
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1287807 (Red Hat Enterprise Linux 6)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1287807 1287807]
Fields changed
owner: somebody => pcech
milestone: NEEDS_TRIAGE => SSSD 1.14 alpha
status: new => assigned
patch: 0 => 1
How To Reproduce
I configured SSSD client to the FreeIPA by [1].
Important part of SSSD configuration:
[domain/ceti.dev] id_provider = proxy auth_provider = krb5 krb5_server = _srv_ # if alfa.ceti.dev it works krb5_kpasswd = alfa.ceti.dev krb5_realm = CETI.DEV
The bug occurs if you try to log on with kerberos password.
[1] http://blog.oddbit.com/2015/07/16/mapping-local-users-to-kerberos-principals-with-sssd/
_comment0: '''How To Reproduce'''
{{{ [domain/ceti.dev] id_provider = proxy auth_provider = krb5 krb5_server = srv # if alfa.ceti.dev it works krb5_kpasswd = alfa.ceti.dev krb5_realm = CETI.DEV }}}
[1] http://blog.oddbit.com/2015/07/16/mapping-local-users-to-kerberos-principals-with-sssd/ => 1452513644630375
Our downstream needs this patch to be included sooner, moving to 1.13.4
milestone: SSSD 1.14 alpha => SSSD 1.13.4
resolution: => fixed status: assigned => closed
Metadata Update from @bergolth: - Issue assigned to pcech - Issue set to the milestone: SSSD 1.13.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3929
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Log in to comment on this ticket.