This bug was fixed in the package sssd - 1.16.1-1ubuntu1.2
---
sssd (1.16.1-1ubuntu1.2) bionic; urgency=medium
* d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of
crond for Debian and Ubuntu (LP: #1572908)
-- Victor Tapia Wed, 27 Feb 2019 14:53:11
+0100
**
This bug was fixed in the package sssd - 1.13.4-1ubuntu1.14
---
sssd (1.13.4-1ubuntu1.14) xenial; urgency=medium
* d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of
crond for Debian and Ubuntu (LP: #1572908)
-- Victor Tapia Mon, 11 Mar 2019 15:30:35
+0100
This bug was fixed in the package sssd - 1.16.3-1ubuntu2.1
---
sssd (1.16.3-1ubuntu2.1) cosmic; urgency=medium
* d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of
crond for Debian and Ubuntu (LP: #1572908)
-- Victor Tapia Wed, 27 Feb 2019 15:57:53
+0100
**
This bug was fixed in the package sssd - 1.16.3-3ubuntu1.1
---
sssd (1.16.3-3ubuntu1.1) disco; urgency=medium
* d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of
crond for Debian and Ubuntu (LP: #1572908)
-- Victor Tapia Mon, 11 Mar 2019 13:48:26
+0100
**
# VERIFICATION: XENIAL
- Before the upgrade, the cron job does not run:
ubuntu@xenial-sssd-ad:~$ dpkg -l | grep sssd
ii sssd 1.13.4-1ubuntu1.13
amd64System Security Services Daemon -- metapackage
ii sssd-ad 1
# VERIFICATION: DISCO
- Before the upgrade, the cron job does not run:
ubuntu@disco-sssd-ad:~$ date
Mon May 6 11:30:29 UTC 2019
ubuntu@disco-sssd-ad:~$ tail /var/log/syslog | grep -i cron
May 6 11:30:02 disco-sssd-ad cron[690]: Permission denied
May 6 11:30:02 disco-sssd-ad CRON[14325]: Permiss
# VERIFICATION: COSMIC
- Before the upgrade, the cron job does not run:
ubuntu@cosmic-sssd-ad:~$ tail /var/log/syslog | grep -i cron
May 6 12:02:01 cosmic-sssd-ad cron[18740]: Permission denied
May 6 12:02:01 cosmic-sssd-ad CRON[18771]: Permission denied
ubuntu@cosmic-sssd-ad:~$ date
Mon May
# VERIFICATION: BIONIC
- Before the upgrade, the cron job does not run:
ubuntu@bionic-sssd-ad:~$ dpkg -l|grep sssd
ii sssd 1.16.1-1ubuntu1.1
amd64System Security Services Daemon -- metapackage
ii sssd-ad 1.1
Hello Franz, or anyone else affected,
Accepted sssd into cosmic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/sssd/1.16.3-1ubuntu2.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.
Sponsored for D/C/B/X.
Thanks Victor !
** Changed in: sssd (Ubuntu Xenial)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron
# Pending SRU page :
xenial
Package -release-updates-proposed (signer, creator)
changelog bugs days
sssd1.13.4-1ubuntu1 1.13.4-1ubuntu1.12 1.13.4-1ubuntu1.13 (ahasenack)
1722936 1793882 52
I left an irc message to andreas for him to have a look.
The above
This bug was fixed in the package sssd - 1.16.3-3ubuntu2
---
sssd (1.16.3-3ubuntu2) eoan; urgency=medium
* d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of
crond for Debian and Ubuntu (LP: #1572908)
-- Victor Tapia Mon, 23 Apr 2019 13:48:26
+0100
** Chang
Sponsored for 'eoan', considering the patch is merged upstream and
already part of debian.
Nitpick:
- Rename quilt patch d/p/GPO_CROND-customization.diff to
d/p/GPO_CROND-customization.patch
- Rework the DEP3 header
Note for next sponsoring (Disco debdiff) I haven't look others yet.
A quick look
The fix is included in sssd 1.16.4, currently in debian experimental
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron:account): Access denied for user
To manage not
** Also affects: sssd (Ubuntu Eoan)
Importance: Medium
Assignee: Victor Tapia (vtapia)
Status: In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss
** Patch added: "eoan-sssd-gpo.debdiff"
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5258263/+files/eoan-sssd-gpo.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/15
note: waiting until after disco release to upload this due to freeze.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron:account): Access denied for user
To manage no
** Description changed:
[Impact]
SSSD has GPO_CROND set to "crond" in its code while Debian/Ubuntu use
"cron" as a PAM service. This difference makes AD users have cron
blocked by default, instead of having it enabled.
[Test Case]
- With an Active Directory user created (e.g.
** Changed in: sssd (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: sssd (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: sssd (Ubuntu Cosmic)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, whi
** Tags added: sts-sponsor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron:account): Access denied for user
To manage notifications about this bug go to:
https://b
The attachment "disco-sssd-gpo.debdiff" seems to be a debdiff. The
ubuntu-sponsors team has been subscribed to the bug report so that they
can review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and
** Patch added: "bionic-sssd-gpo.debdiff"
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5245457/+files/bionic-sssd-gpo.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bug
** Tags added: sts
** Patch added: "disco-sssd-gpo.debdiff"
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5245455/+files/disco-sssd-gpo.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs
** Patch added: "cosmic-sssd-gpo.debdiff"
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5245456/+files/cosmic-sssd-gpo.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bug
** Patch added: "xenial-sssd-gpo.debdiff"
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5245458/+files/xenial-sssd-gpo.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bug
** Description changed:
[Impact]
SSSD has GPO_CROND set to "crond" in its code while Debian/Ubuntu use
"cron" as a PAM service. This difference makes AD users have cron
blocked by default, instead of having it enabled.
[Test Case]
- With an Active Directory user created (e.g.
** Changed in: sssd (Ubuntu Disco)
Status: Expired => Confirmed
** Changed in: sssd (Ubuntu Disco)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Titl
** Description changed:
+ [Impact]
+
+ SSSD has GPO_CROND set to "crond" in its code while Debian/Ubuntu use
+ "cron" as a PAM service. This difference makes AD users have cron
+ blocked by default, instead of having it enabled.
+
+ [Test Case]
+
+ - With an Active Directory user created (e.g.
As johannes-martin pointed out default value for ad_gpo_map_batch
doesn't work on Ubuntu Xenial and newer because cron service runs as
cron not crond.
Solution to this issue would be listing cron as PAM service name and
restarting sssd.
ad_gpo_map_batch = +cron
--
You received this bug notifica
According to man sssd-ad, the default configuration of sssd should allow cron
jobs to be run:
---
ad_gpo_map_batch (string)
A comma-separated list of PAM service names for which GPO-based
access control is evaluated based on the BatchLogonRight and
DenyBatchLogonRight policy se
I am getting the same error. It looks like the below site ha expired:
https://fedorahosted.org/sssd/wiki/Troubleshooting
Please suggest.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
[Expired for sssd (Ubuntu) because there has been no activity for 60
days.]
** Changed in: sssd (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Tit
This seems to be the current troubleshooting guide:
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
Please obtain relevant log files and attach them to this bug, otherwise
we won't be able to make progress.
Thanks
** Changed in: sssd (Ubuntu)
Status: Confirmed => Incomplete
Is it possible to use local user access control for cron with
/etc/security/access.conf?
+ : username : cron crond : ALL
Presuming I need to do this:
/etc/pam.d/cron:account required pam_access.so
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is su
Same problem on xubuntu 16.10 incl. all updates.
Cronjob throws 'no permission' error.
Had to do both:
- create /var/lib/sss/gpo_cache/domain.lan
and add
- ad_gpo_access_control = permissive to sssd.conf
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is sub
just create /var/lib/sss/gpo_cache/ and chmod it, sssd should be able to
create the subdirectory
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron:account): Access de
Check if you have /var/lib/sss/gpo_cache/test.at directory. I had to
crate manually both gpo_cache and mydomain.
mkdir -pv /var/lib/sss/gpo_cache/test.at
chown -R sssd. /var/lib/sss/gpo_cache
systemctl restart sssd
--
You received this bug notification because you are a member of Ubuntu
Bugs, wh
reopening
** Changed in: sssd (Ubuntu)
Status: Invalid => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron:account): Access denied for user
To man
6 is access denied, 4 would be system error :-)
I'm happy the workaround helps you, but it would still be nice to see
the logs. We've had, for example, issues with certain GPO files not
being INI-formatted (some lines were missing the equals sign) and at the
moment sssd can't parse them. Or this c
On 05/03/2016 06:27 AM, Robie Basak wrote:
> Thank you for helping with this Jakub. From Franz's response I presume
> this issue is now resolved? Setting this bug as Invalid accordingly. If
> this is incorrect please feel free to open with an explanation.
>
> ** Changed in: sssd (Ubuntu)
>
Thank you for helping with this Jakub. From Franz's response I presume
this issue is now resolved? Setting this bug as Invalid accordingly. If
this is incorrect please feel free to open with an explanation.
** Changed in: sssd (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug
ad_gpo_access_control = permissive
works
now my user cronjobs works again
thx
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron:account): Access denied for user
To
One though..in AD code we had some issues with GPO policy enforcement. You can
test if its your case by setting:
ad_gpo_access_control = permissive
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/157290
Please follow https://fedorahosted.org/sssd/wiki/Troubleshooting to see
why you're denied access, there is no way for anyone to make an informed
decision without log files.
Also ldap_use_tokengroups = false is likely to have negative performance
impact on your environment.
Lastly, drop ldap_use_t
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: sssd (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-
45 matches
Mail list logo
