Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1431858
Description of problem:
sssd tries to find the most suitable principal from the keytab. We need to use the UPN with the AD provider, and it should be at most 15 upper-case letters from the hostname, e.g.

hostname = kvm-02-guest20kvm-02-guest20.sssd.com@SSSDAD.COM
UPN = KVM-02-GUEST20K$@SSSDAD.COM

Version-Release number of selected component (if applicable):
sh$ rpm -q sssd
sssd-1.14.0-43.el7_3.11.x86_64

How reproducible:
Deterministic

Steps to Reproduce:
1. set hostname longer than 15 characters
2. join sssd to ad domain
3. start sssd
4. try to resolve some users

Actual results:
Users are not resolved

Expected results:
Users are resolved.

Additional info:
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [ad_set_sdap_options] (0x0100): Option krb5_realm set to SSSDAD.COM
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [sdap_set_sasl_options] (0x0100): Will look for kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM in default keytab
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [find_principal_in_keytab] (0x4000): Trying to find principal kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM in keytab.
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [find_principal_in_keytab] (0x0400): No principal matching kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM found in keytab.
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [find_principal_in_keytab] (0x4000): Trying to find principal KVM-02-GUEST20KVM-02-GUEST20$@SSSDAD.COM in keytab.
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [find_principal_in_keytab] (0x0400): No principal matching KVM-02-GUEST20KVM-02-GUEST20$@SSSDAD.COM found in keytab.
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM in keytab.
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [match_principal] (0x1000): Principal matched to the sample (host/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM).
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [select_principal_from_keytab] (0x0200): Selected primary: host/kvm-02-guest20kvm-02-guest20.sssdad.com
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [select_principal_from_keytab] (0x0200): Selected realm: SSSDAD.COM
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to host/kvm-02-guest20kvm-02-guest20.sssdad.com
(Mon Mar 13 17:19:41 2017) [sssd[be[sssdad.com]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to SSSDAD.COM

sh# klist -kt
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 03/13/2017 17:18:57 KVM-02-GUEST20K$@SSSDAD.COM
   2 03/13/2017 17:18:57 KVM-02-GUEST20K$@SSSDAD.COM
   2 03/13/2017 17:18:57 KVM-02-GUEST20K$@SSSDAD.COM
   2 03/13/2017 17:18:57 KVM-02-GUEST20K$@SSSDAD.COM
   2 03/13/2017 17:18:57 KVM-02-GUEST20K$@SSSDAD.COM
   2 03/13/2017 17:18:57 KVM-02-GUEST20K$@SSSDAD.COM
   2 03/13/2017 17:18:57 host/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:57 host/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:57 host/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:57 host/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:57 host/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:57 host/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:58 host/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 host/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 host/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 host/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 host/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 host/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/KVM-02-GUEST20K@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
   2 03/13/2017 17:18:58 RestrictedKrbHost/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM
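The mismatch reported above can be reproduced outside sssd. The following is an added example, not SSSD's code and not the fix from the linked pull request: the hypothetical `ad_upn_from_hostname()` builds the machine-account principal the way the ticket describes (short hostname, upper-cased, cut to 15 characters, then `$@REALM`), and the hypothetical `find_in_keytab()` looks it up among the distinct principals from the `klist -kt` output.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define AD_SAM_MAX 15 /* limit stated in the ticket: at most 15 characters */

/* Write "<SHORTNAME, upper-cased, max 15 chars>$@<REALM>" into out.
 * Returns 0 on success, -1 on empty input or if out is too small. */
int ad_upn_from_hostname(const char *hostname, const char *realm,
                         char *out, size_t outlen)
{
    size_t n = strcspn(hostname, "."); /* short name: up to the first dot */
    if (n == 0 || realm[0] == '\0') return -1;
    if (n > AD_SAM_MAX) n = AD_SAM_MAX;
    if (n + 2 + strlen(realm) + 1 > outlen) return -1; /* "$@" + NUL */
    for (size_t i = 0; i < n; i++)
        out[i] = (char)toupper((unsigned char)hostname[i]);
    snprintf(out + n, outlen - n, "$@%s", realm);
    return 0;
}

/* Index of the first entry equal to principal (exact match), or -1. */
int find_in_keytab(const char *const *entries, size_t count,
                   const char *principal)
{
    for (size_t i = 0; i < count; i++)
        if (strcmp(entries[i], principal) == 0) return (int)i;
    return -1;
}

/* Distinct principals taken from the klist -kt output in the ticket. */
static const char *const KEYTAB[] = {
    "KVM-02-GUEST20K$@SSSDAD.COM",
    "host/KVM-02-GUEST20K@SSSDAD.COM",
    "host/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM",
    "RestrictedKrbHost/KVM-02-GUEST20K@SSSDAD.COM",
    "RestrictedKrbHost/kvm-02-guest20kvm-02-guest20.sssdad.com@SSSDAD.COM",
};
#define KEYTAB_LEN (sizeof(KEYTAB) / sizeof(KEYTAB[0]))

int main(void)
{
    char upn[256];
    const char *host = "kvm-02-guest20kvm-02-guest20.sssdad.com";
    if (ad_upn_from_hostname(host, "SSSDAD.COM", upn, sizeof(upn)) != 0)
        return 1;
    printf("%s -> keytab entry %d\n", upn,
           find_in_keytab(KEYTAB, KEYTAB_LEN, upn));
    return 0;
}
```

The untruncated `KVM-02-GUEST20KVM-02-GUEST20$@SSSDAD.COM` that the log shows sssd trying is absent from the keytab, which is why the lookup falls through to the `host/` principal.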
Metadata Update from @lslebodn: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1431858
Metadata Update from @lslebodn: - Custom field patch adjusted to on - Custom field version adjusted to 1.10.0 - Issue set to the milestone: None
https://github.com/SSSD/sssd/pull/193
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.15.3
Metadata Update from @jhrozek: - Issue priority set to: blocker
master:
sssd-1-14:
sssd-1-13:
Metadata Update from @lslebodn: - Issue assigned to lslebodn - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4360
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.