Bug#965307: marked as done (sssd-ad: Login issues with SSSD 2.3 for AD back end)

Tue, 28 Jul 2020 07:39:55 -0700 

Your message dated Tue, 28 Jul 2020 14:36:49 +0000
with message-id <[email protected]>
and subject line Bug#965307: fixed in sssd 2.3.1-1
has caused the Debian Bug report #965307,
regarding sssd-ad: Login issues with SSSD 2.3 for AD back end
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
965307: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965307
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: sssd
Version: 2.3.0-2
Severity: grave
Justification: renders package unusable

This locks me out of my systems.

    $ sudo -l
    [sudo] password for [email protected]: 
    Sorry, try again.
    [sudo] password for [email protected]: 
    Sorry, try again.
    [sudo] password for [email protected]: 
    sudo: 3 incorrect password attempts

Each authentication attempt logs the following in sssd_pam.log:

    (2020-07-16 18:08:38): [pam] [sysdb_search_user_by_upn_res] (0x0040): 
Search for upn [[email protected]] returns more than one result. One 
of the possible reasons can be that several users share the same email address.
    (2020-07-16 18:08:38): [pam] [sysdb_search_user_by_upn] (0x0040): Error: 22 
(Invalid argument)
    (2020-07-16 18:08:38): [pam] [sysdb_initgroups_by_upn] (0x0040): 
sysdb_search_user_by_upn() failed.
    (2020-07-16 18:08:38): [pam] [cache_req_search_cache] (0x0020): CR #12: 
Unable to lookup [[email protected]] in cache [22]: Invalid argument
    (2020-07-16 18:08:38): [pam] [pam_check_user_search_next] (0x0020): Fatal 
error, killing connection!

My user exists in an Active Directory domain that has a one-way trust
established via FreeIPA.

We do indeed have several users with the same email address. That's
(until now) been a perfectly valid setup (one human has several accounts
for performing different roles and they all have the same email
address).

Downgrading to 2.2.3-3 fixes the problem. It's necessary to remove the
sssd database after downgrading.

I've had a quick scan of the commits between 2.2.3 and 2.3.0 and
nothing's jumped out at me yet. I'll take another look later...

-- System Information:
Debian Release: 10.3
  APT prefers stable-debug
  APT policy: (570, 'stable-debug'), (570, 'stable'), (550, 'testing-debug'), 
(550, 'testing'), (530, 'unstable-debug'), (530, 'unstable'), (500, 
'stable-updates'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default

Versions of packages sssd depends on:
ii  python3-sss  2.3.0-2
ii  sssd-ad      2.3.0-2
ii  sssd-common  2.3.0-2
ii  sssd-ipa     2.3.0-2
ii  sssd-krb5    2.3.0-2
ii  sssd-ldap    2.3.0-2
ii  sssd-proxy   2.3.0-2

sssd recommends no packages.

sssd suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: sssd
Source-Version: 2.3.1-1
Done: Timo Aaltonen <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Jul 2020 17:14:55 +0300
Source: sssd
Architecture: source
Version: 2.3.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian SSSD Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Closes: 965143 965307
Changes:
 sssd (2.3.1-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #965307, #965143)
   * source: Extend diff-ignore.
   * rules: Set --with-libwbclient.
   * control: Add libsofthsm2 to build-depends for tests.
Checksums-Sha1:
 d2e05108cde8b08ff386d6a6d30889802b7f37bb 4928 sssd_2.3.1-1.dsc
 1353876df07b64254bb3019e0911b540a060cc21 7186526 sssd_2.3.1.orig.tar.gz
 ba5b24781b3a2dfcb195e36d1cd55795b71bc674 488 sssd_2.3.1.orig.tar.gz.asc
 f6cdfc79b52b5f56e445bf47819f6d109d26878b 33648 sssd_2.3.1-1.debian.tar.xz
 a644acb35b2875c02e0fb9902e12e36cfaa0a8f7 9728 sssd_2.3.1-1_source.buildinfo
Checksums-Sha256:
 3561855491a932d4d386e4984fcba7973102036fbcaeb842ba13486807bd0c61 4928 
sssd_2.3.1-1.dsc
 ef8b047e6d0452a585862dffd16db725ac828e0d3fb594a8dea6d2f24a61ad17 7186526 
sssd_2.3.1.orig.tar.gz
 3f27794eb65402242ae178ee73d37a3ed28811dff83166c4eeb62f333acf5625 488 
sssd_2.3.1.orig.tar.gz.asc
 d86cfd7850da4e73a9a85865dc2c952bc0d5776b7c0319998ed520549235d854 33648 
sssd_2.3.1-1.debian.tar.xz
 a702a5846d7e2c1b9b0c79114003e8ba1bc37fa6c69f83c5868c7334c7151062 9728 
sssd_2.3.1-1_source.buildinfo
Files:
 225da94aba2716a11f64edddfb2c8180 4928 utils optional sssd_2.3.1-1.dsc
 01aa67abc5e9237272bad653bdec5933 7186526 utils optional sssd_2.3.1.orig.tar.gz
 d222349e9d5d15736d15cd49cd3799e1 488 utils optional sssd_2.3.1.orig.tar.gz.asc
 8dafc7a2031728cb1401e48213f78470 33648 utils optional 
sssd_2.3.1-1.debian.tar.xz
 476bb71bcd8c37590fef5924fa7702aa 9728 utils optional 
sssd_2.3.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAl8gMu8ACgkQy3AxZaiJ
hNzFTQ//e5tzUuTr09c4gXfh+167YdGB/tMA04O9wXKNkaOcprKg5fzSyXqVrC4i
hKf+7baCjd8Kt9xHOUM9chZ5slaGpiqlP21C9DQN9S8iJbOYrsBdzbRdpNicip60
AvSUWb8qlikZleelJHrrj3gv+Dtjbn0rwxe7vb0VtonG9MZmgwVUBxTwan+C1BJY
Yhni939D8KQk6GydNNt8K7ZP7hC/mBH4d3IZCLp1s7VDImk5ey0zE6zeSiU8/UbO
LiNwqEK92kch3bJVzH4DXAmqF3ZHaGcJK8KctixtwifgmzeN/qQcf1ak0YsRbI1q
aWw91K8n8p55UIyhw6NnnEMGAjchNz1427BJSo89NEkN9AL3V8HQYnMEreBFFlca
EEbPSiiEr/N/Gk5jcBy/sGqI8ZUmBit8bVceKduQZVzeAQ4aaJYmiVUFpBsNdYNp
d3djjMX03nmS2282NQkaY+hv+K0svwC+mUT/BtyOVbZe2lgnvwVtQYzjf9aw379V
j4x6h+n5FFCBRtR5ZIlfdWKRYSx1t09RjhL7Sz0eLG4dN3SZ85CRxIsmNld4ffyV
7s7qAG8BidAqQ+9beeD2krdekcZn22Y86zJpn8TrduKlAskMPNXBvAUsY3Z6G/6p
abObFJblGRoqU1A6nl1Yqdma1rJ5WCIGWKrzqqFQM8D7P6DMsBY=
=NJMb
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to