[Bug 1723350] Re: sssd offline on boot, stays offline forever

2018-05-17 Thread Jakub Hrozek
Are the sssd logs captured with a high enough debug_level in the [sssd] section of sssd.conf? Normally sssd should detect notifications from libnetlink and reset the offline status.. It would be nice to see those and correlate with system logs.. -- You received this bug notification because you a

[Bug 1635885] Re: ldap_autofs_search_base not domain based

2016-10-23 Thread Jakub Hrozek
I think the issue might be different, because the autofs search base is only read by the domain itself and the domains cannot affect one another. So I suspect the autofs responder is not moving to another domain once it finds the auto.master map in the first iteration. But we need logs to see what

[Bug 1627469] Re: sssd launched before raising network

2016-09-29 Thread Jakub Hrozek
Yes, the bug was that we try to run adcli even if it's not there which triggers another bug where we leak file descriptors if we fail to run adcli.. Both were fixed upstream, I'm not sure if Ubuntu already picked up those patches.. (upstream tickets 3006 and 3017 btw..)

[Bug 1627469] Re: sssd launched before raising network

2016-09-28 Thread Jakub Hrozek
Sorry, but in this case, we actually need the logs from the [sssd] section (since the main sssd process is what dispatches both the libnl notifications and notifications from the resolv.conf inotify task..) It would also be nice to look into journal to see when exactly the network comes up. btw

[Bug 1627469] Re: sssd launched before raising network

2016-09-26 Thread Jakub Hrozek
I'm not sure I agree with the suggestion. Please note I agree with the use-case, I'm just not sure if this is the right way of fixing the problems. Check out https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ I agree with the reasoning in the article and I think it would make more s

[Bug 1566508] Re: autofs races with sssd on startup

2016-08-11 Thread Jakub Hrozek
The message "setautomntent: lookup(sss): setautomntent: No such file or directory" is not indicative of any bug whatsoever. It just means there are no more entries in this map. But in general, I think the most systematic way forward for this kind of startup races would be to socket-activate the re

[Bug 1579092] Re: sssd user can't login and ssh to server

2016-08-09 Thread Jakub Hrozek
Can you paste the strace that shows the pipes setting the wrong umask?

[Bug 1566508] Re: autofs races with sssd on startup

2016-08-09 Thread Jakub Hrozek
As long as there are any maps in the cache, these fixes should help: https://lists.fedorahosted.org/archives/list/sssd-de...@lists.fedorahosted.org/message/QKU5H4VUCIZ43LBJTRPPK3XWL6CTQNQ4/ (but upstream didn't merge them yet)

[Bug 1590471] Re: add adcli as sssd dependency

2016-08-09 Thread Jakub Hrozek
The bugs were fixed some time ago, you can just cherry-pick the patches from the stable sssd-1-13 branch.

[Bug 1579092] Re: sssd user can't login and ssh to server

2016-06-03 Thread Jakub Hrozek
This is upstream bug https://fedorahosted.org/sssd/ticket/2962 btw. ** Bug watch added: fedorahosted.org/sssd/ #2962 https://fedorahosted.org/sssd/ticket/2962

[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user

2016-05-04 Thread Jakub Hrozek
6 is access denied, 4 would be system error :-) I'm happy the workaround helps you, but it would still be nice to see the logs. We've had, for example, issues with certain GPO files not being INI-formatted (some lines were missing the equals sign) and at the moment sssd can't parse them. Or this c

[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user

2016-05-03 Thread Jakub Hrozek
One thought.. in AD code we had some issues with GPO policy enforcement. You can test if it's your case by setting:
ad_gpo_access_control = permissive

[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user

2016-04-29 Thread Jakub Hrozek
Please follow https://fedorahosted.org/sssd/wiki/Troubleshooting to see why you're denied access, there is no way for anyone to make an informed decision without log files. Also ldap_use_tokengroups = false is likely to have negative performance impact on your environment. Lastly, drop ldap_use_t

[Bug 1412023] Re: sssd ad_access_filter parsing error with valid filter

2015-01-28 Thread Jakub Hrozek
It's getting confused by the ":". Can you try prefixing the filter with "DOM:" or "FOREST:" and the name of the forest/domain as well? See man sssd-ad for examples.

[Bug 1415545] Re: Cannot change LDAP password when ldap_pwd_policy=shadow

2015-01-28 Thread Jakub Hrozek
Here is the most important part of the log:
(Wed Jan 28 15:41:48 2015) [sssd[be[default]]] [sdap_auth4chpass_done] (0x0020): Changing shadow password attributes not implemented.
The functionality you request is simply not implemented. Because shadow attributes are inherently insecure and obsolete

Re: [Bug 1321423] Re: sssd-ldap handles redundant group members incorrectly

2014-05-27 Thread Jakub Hrozek
Actually filed with SSSD's upstream, not Fedora, despite the hosting name :) Thanks!
On Tue, May 27, 2014 at 3:16 PM, Adam <196377e...@bisaro.net> wrote:
> On Thu, 22 May 2014, Jakub Hrozek wrote:
>
>> I agree this is a bug, I would prefer to skip the duplicates as well.

[Bug 1321423] Re: sssd-ldap handles redundant group members incorrectly

2014-05-27 Thread Jakub Hrozek
You've filed the bug with sssd's upstream, not fedora despite the hosting name :-) Thanks, though!

[Bug 1322524] Re: sssd doesn't find any usabel ldap-server

2014-05-23 Thread Jakub Hrozek
Can you ldapsearch the server from that particular client machine? Is that all in the log even with a verbose debug_level in the domain section?

[Bug 1321423] Re: sssd-ldap handles redundant group members incorrectly

2014-05-22 Thread Jakub Hrozek
Hi, I agree this is a bug, I would prefer to skip the duplicates as well. Can you open one in the upstream tracker (requires a FAS account): https://fedorahosted.org/sssd/newticket Me or any of the other SSSD developers would take it from there.

[Bug 1274543] Re: sssd-ad uses wrong key to verify tgt at login time

2014-05-22 Thread Jakub Hrozek
Hi, Can you bring this issue up on the sssd-devel list so it can be discussed with other developers as well? Or open an upstream ticket. I don't like the idea of trying all principals in the keytab, simply because it would be ineffective, but I would personally be fine with using the same code th

[Bug 1317268] Re: ldap_group_object_class = top fails to reutrn group information

2014-05-22 Thread Jakub Hrozek
ldap_group_object_class = top is not the right choice, it matches /all/ objects by default, why not use 'group' ? See https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server Or the version for the AD provider: https://fedorahosted.or

[Bug 1317949] Re: Unable to see secondary groups in `id` listing

2014-05-22 Thread Jakub Hrozek
Hi, I'm sorry about the problem you hit, however, I need some more information to diagnose the problem. First, I wonder if using the AD back end would suit your setup better since you seem to be using AD on the server side. Check out some introduction to the AD provider here: https://jhrozek.li

[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation

2013-11-11 Thread Jakub Hrozek
The issue filed in RHBZ was affecting local users (as in, present in /etc/passwd) who invoked sudo rules stored in LDAP. Is that your case? Anyhow, this smells more like a sudo issue rather than sssd.. (I'm not dismissing the problem, just saying..)

[Bug 1248087] Re: backend not loading because of mistyped filename "libsss_krb5 .so"

2013-11-05 Thread Jakub Hrozek
Timo, libini (a component of ding-libs) should be stripping the trailing whitespace. This was a known upstream bug fixed in 7a2eb259b2e22ce5e2395fbf578b5fef57667489 in ding-libs. There is a number of pending patches upstream, when those are reviewed, a new ding-libs release will be done. Sorry fo

[Bug 1049556] Re: sssd.conf(5) sbus_timeout option not documented

2012-09-12 Thread Jakub Hrozek
Not documenting the sbus_timeout is actually on purpose - these options are very low-level and in general only useful to developers, so we decided a long time ago that we don't want them to be documented. They were just confusing users. The SBus is a wrapper around DBus calls that we are using in

[Bug 1049186] Re: sssd forgets group memberships of foo when foo logs in; remembers them after ten seconds after restarting sssd

2012-09-12 Thread Jakub Hrozek
Sure, getent group and groups should yield the same results, they are just different ways of reaching the same information -- getent group retrieves members of a group, groups performs an initgroups operation that retrieves the groups the user is a member of. I think we should debug the informa

[Bug 1049123] Re: sssd fails to resolve names properly; replacing 'id_provider' by 'domain_type' in sssd.conf fixes it, but this is documented nowhere

2012-09-12 Thread Jakub Hrozek
Ouch, thanks for pointing that out. Unfortunately that chapter is completely broken and lists multiple options that don't exist or are misnamed.. I filed https://bugzilla.redhat.com/show_bug.cgi?id=856502 to track this. I usually find the RHEL documentation is more accurate (or maybe let's say sta

[Bug 1049186] Re: sssd forgets group memberships of foo when foo logs in; remembers them after ten seconds after restarting sssd

2012-09-11 Thread Jakub Hrozek
Without the SSSD logs it's hard to tell for certain, but I suspect this is caused by enumerate=True in the sssd.conf config file. The reason why the groups seemingly appear after about ten seconds is that after the SSSD provider starts up, the enumerate task is scheduled. In general, it *should* b

[Bug 1049123] Re: sssd fails to resolve names properly; replacing 'id_provider' by 'domain_type' in sssd.conf fixes it, but this is documented nowhere

2012-09-11 Thread Jakub Hrozek
I suspect that you are hitting upstream bug https://fedorahosted.org/sssd/ticket/1436 that was fixed in the upstream release 1.9.0 beta 7 (commit bdbf4f169e4d5d00b0616df19f7a55debb407f78) I'm not sure where the "domain_type" comes from, the SSSD has no option called domain_type. If it fixed your p

[Bug 997990] Re: fail joining to a freeipa server with ipa-client-install

2012-05-18 Thread Jakub Hrozek
Hi, the FreeIPA upstream already got rid of acutil in favor of python-dns: http://osdir.com/ml/freeipa-devel/2012-05/msg00076.html I've created an upstream bug https://fedorahosted.org/freeipa/ticket/2766 on the ntpdate -U issue. Feel free to submit a patch :-) ** Bug watch added: fedorahosted.or

[Bug 957003] Re: sssd_be crashed with SIGABRT

2012-03-17 Thread Jakub Hrozek
My guess based on the comments in this bug report is that the bug is not in sssd itself, but rather either openldap or moznss. That said, please don't change the default of ldap_tls_reqcert to allow. That would mean even untrusted certificates would be allowed.

[Bug 957003] Re: sssd_be crashed with SIGABRT

2012-03-17 Thread Jakub Hrozek
Hi, The core file appears to be truncated:
root@ubuntu-vm:~# dpkg -l sssd sssd-dbgsym
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name

[Bug 917381] Re: Current version of SSSD not working with freeipa

2012-01-16 Thread Jakub Hrozek
Hi, I think I should follow up because I was the one answering the original question on the upstream mailing list.. Did you have a chance to check if the actual error you were getting is related to any of the HBAC fixes I referenced? I think it would still be prudent if Ubuntu backported the fixe

[Bug 746981] Re: sssd fails to find memberof.so

2011-06-14 Thread Jakub Hrozek
Sorry Richard, I should have explained myself in greater detail. A core file is a file that contains a memory dump of a program at a time it crashed. It is very useful for debugging the crash. On some systems (production systems in general), generating core files is disabled, as they can potential

[Bug 746981] Re: sssd fails to find memberof.so

2011-06-14 Thread Jakub Hrozek
Richard, are you running 1.5.7 from the PPA? I skimmed through the upstream bugs fixed since 1.5.7 and I could not see any crasher bugs. It would be very helpful if you could grab a core file and attach it either here or even to upstream bug tracker (https://fedorahosted.org/sssd/). -- You recei