The setup: IPA Server 4.6.4-10.el7_6.2 with trust against Windows 2008 R2, IPA client 4.6.4-10.el7_6.2
The problem:
[root@rhelclient01 ~]# id test2
uid=1248201106(test2@myaddomain.de) gid=1248201106(test2@myaddomain.de) groups=1248201106(test2@myaddomain.de),1248200513(domain users@myaddomain.de)
When I put an ID view for that user in IPA and only put in the UID value it works fine, as well:
[root@rhelclient01 ~]# id test2
uid=1001(test2@myaddomain.de) gid=1248201106(test2@myaddomain.de) groups=1248201106(test2@myaddomain.de),1248200513(domain users@myaddomain.de)
But when I fill in 1001 for the GID value, the user is not visible from the client anymore:
[root@rhelclient01 ~]# id test2
id: test2: no such user
In the sssd logfiles I see in the good case:
[ipa_s2n_get_acct_info_send] (0x0400): Sending request_type: [REQ_FULL_WITH_MEMBERS] for trust user [test2] to IPA server
... and in the bad case:
[ipa_s2n_get_acct_info_send] (0x0400): Sending request_type: [REQ_FULL_WITH_MEMBERS] for trust user [S-1-5-21-653292258-51847207-622671684-1129] to IPA server
In summary: when the GID value is set in the ID view, sssd tries to fetch the user by SID instead of username. This happens ONLY when the GID value is set; all other ID view fields seem to work fine.
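An added example, not part of the original report and not SSSD code: a small Python triage script that scans SSSD domain log lines for the ipa_s2n_get_acct_info_send message quoted above and reports which lookups went to the IPA server by SID rather than by name. The line format is taken from the two excerpts in the report; the function names and the unrelated sample line are constructed for illustration.

```python
import re

# Format of the debug line as quoted in the report above.
S2N_RE = re.compile(
    r"\[ipa_s2n_get_acct_info_send\]\s+\(0x[0-9a-fA-F]+\):\s+"
    r"Sending request_type:\s+\[(?P<req>\w+)\]\s+"
    r"for trust user\s+\[(?P<ident>[^\]]+)\]"
)
# Textual SID: S-1-<authority>-<sub-authority>...
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


def classify_s2n_requests(lines):
    """Return (identifier, request_type, looked_up_by_sid) for each s2n request."""
    results = []
    for line in lines:
        m = S2N_RE.search(line)
        if m is None:
            continue  # not an s2n request line
        ident = m.group("ident")
        results.append((ident, m.group("req"), SID_RE.match(ident) is not None))
    return results


def sid_lookups(lines):
    """Identifiers that were requested by SID instead of by name."""
    return [ident for ident, _req, by_sid in classify_s2n_requests(lines) if by_sid]


# Sample input: the two lines from the report plus one constructed unrelated line.
SAMPLE_LOG = [
    "[ipa_s2n_get_acct_info_send] (0x0400): Sending request_type: "
    "[REQ_FULL_WITH_MEMBERS] for trust user [test2] to IPA server",
    "[constructed_other_function] (0x0400): unrelated debug message",
    "[ipa_s2n_get_acct_info_send] (0x0400): Sending request_type: "
    "[REQ_FULL_WITH_MEMBERS] for trust user "
    "[S-1-5-21-653292258-51847207-622671684-1129] to IPA server",
]

if __name__ == "__main__":
    for ident, req, by_sid in classify_s2n_requests(SAMPLE_LOG):
        print(f"{'SID ' if by_sid else 'name'}  {req}  {ident}")
```

Running it against the log before and after adding the GID override shows whether the request switched from name to SID.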
It is hard to say without seeing the logs, but does the issue sound like https://bugzilla.redhat.com/show_bug.cgi?id=1644902 and/or https://github.com/SSSD/sssd/pull/693?
In other words, does the overridden GID resolve to anything?
Unfortunately my case seems to be something completely different:
When I try to override the GID, the user cannot be found at all anymore for some reason. So the overridden GID cannot resolve to anything.
What I meant by 'resolve to anything' was whether the GID override is set to a value of an existing IPA group.
I tried both and it seems to make no difference.
As soon as I set any GID value in the override, sssd tries to search for a user with the value of the SID of the user instead of the username... and cannot find the user anymore.
I have an IPA Server/Client/AD running as a test environment in Azure. If you are interested I can put your public key on the VMs, so you can easily validate the issue.
Metadata Update from @pbrezina: - Issue tagged with: Future milestone
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4921
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)