On (14/10/17 01:42), Daniel Bryan wrote:
Hello, I noticed some of our users having linux authentication issues
recently. Upon further digging it happened when a GPO was applied to the
same OU these linux servers belonged to. The debug logs said there was an
error due to a missing equal sign. I tracked down the policy and looked at
the ini file and instantly noticed it differed from the normal format.
*Many of our GPOs are in the format of:*
[section]
key=value
*But this one was like:*
saltminion",2,"D:AR(A;;CCLCSWLOCRRC;;;AU(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;LA)(A;;CCLCSWL
It is already fixed in 1.14.0+
https://pagure.io/SSSD/sssd/issue/2751
and patch is also in upstream 1.13 branch
https://pagure.io/SSSD/sssd/c/15924374f6a4f190027f53e139f4582c4715ba7b
But it requires also patched version of ding-libs package.
LS