Ubuntu
sssd package

SSSD authentication fails against AD on Samba4 domain controller host

Bug #1597916 reported by Tuomas Jormola
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
sssd (Ubuntu)
Fix Released
Medium
Unassigned
Xenial
Won't Fix
Medium
Unassigned
Yakkety
Won't Fix
Medium
Unassigned

Bug Description

When SSSD is run on a server that hosts an AD domain controller powered by Samba4, all authentication attempts will fail if SSSD is configured to use the said AD DC as backend and access_provider = ad is specified in the SSSD configuration. No problems with authentication other servers with the same SSSD setup, it'll fail just for the host running the DC.

This is a known bug documented and fixed with a simple patch available at https://fedorahosted.org/sssd/ticket/2870. Upstream has merged this and will be available in SSSD 1.14 when released.

Please consider merging this patch for the Debian/Ubuntu SSSD packaging. I'd love to see this uploaded to xenial also. Thank you.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: sssd 1.13.4-1ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-28.47-generic 4.4.13
Uname: Linux 4.4.0-28-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: i3
Date: Thu Jun 30 23:48:09 2016
InstallationDate: Installed on 2015-04-16 (441 days ago)
InstallationMedia: Ubuntu-GNOME 15.04 "Vivid Vervet" - Alpha amd64 (20150321)
SourcePackage: sssd
UpgradeStatus: Upgraded to xenial on 2016-04-22 (69 days ago)

Revision history for this message
Tuomas Jormola (tjormola) wrote :
Revision history for this message
Tuomas Jormola (tjormola) wrote :

Fix this this problem is also committed to the 1.13 branch of upstream git.
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=afec2ab750a453c592397f6775ec091e894d89b9

Joshua Powers (powersj)
Changed in sssd (Ubuntu):
status: New → Triaged
Alberto Salvia Novella (es20490446e)
Changed in sssd (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Since Fedorahosted died this is the new link:
https://github.com/SSSD/sssd/commit/afec2ab750a453c592397f6775ec091e894d89b9

Changed in sssd (Ubuntu Xenial):
status: New → Triaged
Changed in sssd (Ubuntu Yakkety):
status: New → Triaged
Changed in sssd (Ubuntu):
status: Triaged → Fix Released
Changed in sssd (Ubuntu Xenial):
importance: Undecided → Medium
Changed in sssd (Ubuntu Yakkety):
importance: Undecided → Medium
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Was in sssd since 1.14 so zesty and later are fixed.
For an SRU I addd bug tasks for Xenial and Yakkety.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The patch seems to apply cleanly to the source as in Xenial.
For the Real SRU more considerations have to take place (clean .pc changes and better changelog and also yakkety), but I have created a ppa [1] to test and want to ask for two things:

1. test the ppa and report if it fixes the issue
2. take a look at the SRU policy [2] and try to provide the SRU teamplate here to assist with the SRU.

[1]: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2805
[2]: https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Triage info: Once the confirmation is here and preferably also the SRU template this should get to server-next.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Sorry about the delay on this. Unfortunately, Yakkety is EOL and Xenial entered its ESM period, so I am marking this bug as Won't Fix for both tasks.

Changed in sssd (Ubuntu Xenial):
status: Triaged → Won't Fix
Changed in sssd (Ubuntu Yakkety):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.