Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1479283
Summary: | proxy to files does not work with implicit_files_domain | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Petr Čech <pcech> |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 26 | CC: | abokovoy, jhrozek, lslebodn, mzidek, pbrezina, rharwood, sbose, ssorce |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.16.0-4.fc25 sssd-1.16.0-5.fc27 sssd-1.16.0-4.fc26 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-12-11 23:22:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Petr Čech
2017-08-08 09:00:01 UTC
I asked Petr to file a ticket so we can track it somewhere. And the best place is fedora 26 due to default implicit_files_domain BTW I woudl prefer to find another solution then setting "default_domain_suffix" which was not required on f25. Because it would return fqnames (user@implicit_files_domain) for local user with default f26 nsswitch.conf. I'm fine with updating the blog post. But I wonder, since several users hit this problem already, if we should look into the configuration during startup (which we already do to see if there is an implicit files domain) and also check for a proxy domain proxying to files -- and if we find one, don't start the implicit domain. After all, the proxy domain is quite similar to the files domain.. (In reply to Jakub Hrozek from comment #3) > I'm fine with updating the blog post. > > But I wonder, since several users hit this problem already, if we should > look into the configuration during startup (which we already do to see if > there is an implicit files domain) and also check for a proxy domain > proxying to files -- and if we find one, don't start the implicit domain. > After all, the proxy domain is quite similar to the files domain.. That partially, make sense but sb need to investigate possible solutions/workarounds :-) Sorry, the current version of sssd on my Fedora 26 is sssd-1.15.3. We've just tested following configuration and it works. $ cat /etc/sssd/sssd.conf [sssd] domains = example.com config_file_version = 2 services = nss,pam [domain/example.com] id_provider = files proxy_lib_name = files auth_provider = krb5 krb5_server = kerberos01.example.com:88 krb5_realm = REDHAT.COM krb5_store_password_if_offline = True cache_credentials = True But on the other hand there might be more users (still on f25) which use proxy to files. Therefore we might disable starting implicit_files_domain after detecting id_provider = proxy (to files) Upstream ticket: https://pagure.io/SSSD/sssd/issue/3590 sssd-1.16.0-4.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-9c7b92556b sssd-1.16.0-5.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-4286c0635d sssd-1.16.0-4.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-9bbe262ea8 master: * 34e5190f9a47e4a2e15d825123b33d42c7e72ccc * 4928657ce937d6b08c79cfe267f206ca2db493c6 * 30621369bbf6c554401a20d84e447f872608bc53 * c987e58316f729f7682aa6843f1337f4a4575e07 sssd-1.16.0-4.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-9bbe262ea8 sssd-1.16.0-4.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-9c7b92556b sssd-1.16.0-5.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-4286c0635d sssd-1.16.0-4.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. sssd-1.16.0-5.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. sssd-1.16.0-4.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. |