#2964 GPO: Access denied after blocking connection to AD.
Closed: Fixed None Opened 3 years ago by lslebodn.

Reproducer:

  • prepare user with GPO
  • authenticate in online mode
  • block connection with firewall to AD

    iptables -F

    iptables -A INPUT -s $AD_SERVER1_IP -j DROP
    iptables -A OUTPUT -d $AD_SERVER1_IP -j DROP

  • try to authenticate with the same user.

Pam system error(4) is returned for fist try:

Feb 25 04:55:17 gs-per720-01 su: pam_sss(su:auth): authentication success; logname= uid=99 euid=0 tty=pts/7 ruser=nobody rhost= user=allow_u-15330@sssdad2012.com
Feb 25 04:55:23 gs-per720-01 su: pam_sss(su:account): Access denied for user allow_u-15330@sssdad2012.com: 4 (System error)

The second attempt works as expected.


It works as expected If I force sssd_be to go into offline mode after blocking connection pkill -USR1 sssd

Fields changed

rhbz: => todo

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 backlog

Fields changed

milestone: SSSD 1.14 backlog => SSSD 1.13.4
owner: somebody => lslebodn
patch: 0 => 1
status: new => assigned

master:

sssd-1-13:

resolution: => fixed
status: assigned => closed

Metadata Update from @lslebodn:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.13.4

2 years ago

Login to comment on this ticket.

Metadata