Don’t know if this is related, but for our puppet runs of ‘net ads’, had to add two
environment variables as puppet didn’t set them, but ‘net ads’ expects them:
# Puppet doesnt provide USER and LOGNAME and net ads needs it
export USER="$(id -un)"
export LOGNAME="${USER}"
From: Spike White <spikewhitetx(a)gmail.com>
Sent: Monday, September 16, 2019 3:47 PM
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: [SSSD-users]Re: sssd_be core dumping when ‘realm permit’ command run under puppet
control…
EXTERNAL MAIL:
sssd-users-bounces@lists.fedorahosted.org<mailto:sssd-users-bounces@lists.fedorahosted.org>
All,
This was a case where 'realm permit' of a user was causing a back-end sssd process
(sssd_be) to core dump. (sigsegv). I reported this to this group a few months ago.
We're working this case with the Linux OS vendor. Turns out, if we explicitly add:
ldap_sasl_authid = host/<HOST>@<HOST's REALM>
to each [domain/XXX.COMPANY.COM<http://XXX.COMPANY.COM>] stanza in
/etc/sssd/sssd.conf file, it no longer core dumps.
That is, we have these child AD domains defined in sssd.conf
[domain/AMER.COMPANY.COM<http://AMER.COMPANY.COM>]
[domain/EMEA.COMPANY.COM<http://EMEA.COMPANY.COM>]
[domain/APAC.COMPANY.COM<http://APAC.COMPANY.COM>]
However, our host is registered in only one child domain. Say AMER for a server amerhost1
in North America. So we'd set:
ldap_sasl_authid =
host/amerhost1@AMER.COMPANY.COM<mailto:amerhost1@AMER.COMPANY.COM> in each domain
stanza above.
Why does this prevent sssd_be from core dumping? Not a clue! But sssd performs
flawlessly once this is added.
Spike
On Thu, Aug 8, 2019 at 9:09 AM Spike White
<spikewhitetx@gmail.com<mailto:spikewhitetx@gmail.com>> wrote:
Here is the bugzilla link to the ticket:
https://bugzilla.redhat.com/show_bug.cgi?id=1738375
So it appears a BZ has been created.
Spike
On Tue, Jul 16, 2019 at 3:32 PM Jakub Hrozek
<jhrozek@redhat.com<mailto:jhrozek@redhat.com>> wrote:
On Tue, Jul 16, 2019 at 12:32:29PM -0500, Spike White wrote:
The following case has been opened with RHEL support on this. It
was
opened this morning:
(SEV 4) Case #02427449 ('realm permit group@DOMAIN' causing background
process sssd_be to segfault.)
Thank you, comment added. I hope a BZ would be created soon.
_______________________________________________
sssd-users mailing list --
sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
To unsubscribe send an email to
sssd-users-leave@lists.fedorahosted.org<mailto:sssd-users-leave@lists.fedorahosted.org>
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...