Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla: Bug 1708247
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
+++ This bug was initially created as a clone of Bug #1707959 +++ Description of problem: sssd does not properly check GSS-SPNEGO Version-Release number of selected component (if applicable): sssd-1.16.2-13.el7 How reproducible: Always Steps to Reproduce: 1. id_provider = ad ldap_sasl_mech = GSS-SPNEGO Actual results: (Mon May 6 12:38:25 2019) [sssd[be[ad.example.local]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSS-SPNEGO, user: AAA-B-CCCC-DDD$ (Mon May 6 12:38:25 2019) [sssd[be[ad.example.local]]] [ad_sasl_log] (0x0040): SASL: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate) (Mon May 6 12:38:25 2019) [sssd[be[ad.example.local]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] (Mon May 6 12:38:25 2019) [sssd[be[ad.example.local]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)] (Mon May 6 12:38:25 2019) [sssd[be[ad.example.local]]] [sdap_cli_connect_recv] (0x0040): Unable to establish connection [1432158226]: Authentication Failed Expected results: Work Additional info: It looks that SSSD does check for 'GSSAPI' explicitly at some places, e.g. to determine if it needs a Kerberos ticket for the user trying to bind to LDAP. So 'GSS-SPNEGO' is simple not checked and has to be added. --- Additional comment from RHEL Product and Program Management on 2019-05-08 19:11:53 UTC --- Since this bug report was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1708247
Metadata Update from @jhrozek: - Issue assigned to sbose
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1708247, https://bugzilla.redhat.com/show_bug.cgi?id=1707959 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1708247)
Issue linked to Bugzilla: Bug 1707959
PR: https://github.com/SSSD/sssd/pull/813
Metadata Update from @sbose: - Custom field patch adjusted to on
Commit 070f22f relates to this ticket
Commit 3b89934 relates to this ticket
master: 070f22f 3b89934 sssd-1-16: 373b113 f5d031b
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4977
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.