Your message dated Fri, 26 Jan 2018 09:25:18 +0000
with message-id <[email protected]>
and subject line Bug#888207: fixed in sssd 1.16.0-5
has caused the Debian Bug report #888207,
regarding sssd authentication errors for local users
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
888207: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888207
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sssd
Version: 1.16.0-3
Severity: normal

   * What led up to the situation?

This machine is running debian testing (with sssd 1.16.0-3 installed).
It has a mix of local users and users who log in through sssd.  In the
past the two were compatible.  If local users could log in with their
local password, sss users could log in with their ad password, and if
someone happened to have both accounts they could log in with either
password and would be given their local uid.

Now when users with local accounts authenticate a "System error"
is reported in auth.log.  E.G.

Jan 23 17:05:48 ###### su[22022]: pam_sss(su:auth): received for user
######: 4 (System error)

For users with both sss and local accounts this prevents them from using
their ad passwords.  Local users can still successfully use their local
passwords.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

I have tried reordering various things in nssswitch.conf and the pam
stack, as well as numerious sssd options.

   * What was the outcome of this action?

Nothing I did with pam, nsswitch or the sssd conf files had any affect.
The only clue in the log files is in sssd_pam where there are lines
like:

(Tue Jan 23 17:02:44 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010):
Reply error.
(Tue Jan 23 17:02:44 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply
called with result [4]: System error.

There are no entries in krb5_child.log, sssd.log, or the domain logs which
correspond to these login attempts.

   * What outcome did you expect instead?

Previously the system would successfully attempt to validate the
credentials for local users, either returning unknown user or checking
the password for local users with ad accounts.

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sssd depends on:
ii  python3-sss  1.16.0-3
ii  sssd-ad      1.16.0-3
ii  sssd-common  1.16.0-3
ii  sssd-ipa     1.16.0-3
ii  sssd-krb5    1.16.0-3
ii  sssd-ldap    1.16.0-3
ii  sssd-proxy   1.16.0-3

sssd recommends no packages.

sssd suggests no packages.

-- debconf-show failed

--- End Message ---
--- Begin Message ---
Source: sssd
Source-Version: 1.16.0-5

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 26 Jan 2018 10:42:17 +0200
Source: sssd
Binary: sssd sssd-common sssd-ad sssd-ad-common sssd-dbus sssd-ipa sssd-kcm 
sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libnss-sss 
libpam-sss libipa-hbac0 libipa-hbac-dev libsss-certmap0 libsss-certmap-dev 
libsss-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev 
libsss-sudo libsss-simpleifp0 libsss-simpleifp-dev libwbclient-sssd 
libwbclient-sssd-dev python-libipa-hbac python-libsss-nss-idmap python-sss 
python3-libipa-hbac python3-libsss-nss-idmap python3-sss
Architecture: source
Version: 1.16.0-5
Distribution: unstable
Urgency: medium
Maintainer: Debian SSSD Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Description:
 libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files
 libipa-hbac0 - FreeIPA HBAC Evaluator library
 libnss-sss - Nss library for the System Security Services Daemon
 libpam-sss - Pam module for the System Security Services Daemon
 libsss-certmap-dev - Certificate mapping library for SSSD -- development files
 libsss-certmap0 - Certificate mapping library for SSSD
 libsss-idmap-dev - ID mapping library for SSSD -- development files
 libsss-idmap0 - ID mapping library for SSSD
 libsss-nss-idmap-dev - SID based lookups library for SSSD -- development files
 libsss-nss-idmap0 - SID based lookups library for SSSD
 libsss-simpleifp-dev - SSSD D-Bus responder helper library -- development files
 libsss-simpleifp0 - SSSD D-Bus responder helper library
 libsss-sudo - Communicator library for sudo
 libwbclient-sssd - SSSD libwbclient implementation
 libwbclient-sssd-dev - SSSD libwbclient implementation -- development files
 python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library
 python-libsss-nss-idmap - Python bindings for the SID lookups library
 python-sss - Python module for the System Security Services Daemon
 python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library
 python3-libsss-nss-idmap - Python3 bindings for the SID lookups library
 python3-sss - Python3 module for the System Security Services Daemon
 sssd       - System Security Services Daemon -- metapackage
 sssd-ad    - System Security Services Daemon -- Active Directory back end
 sssd-ad-common - System Security Services Daemon -- PAC responder
 sssd-common - System Security Services Daemon -- common files
 sssd-dbus  - System Security Services Daemon -- D-Bus responder
 sssd-ipa   - System Security Services Daemon -- IPA back end
 sssd-kcm   - System Security Services Daemon -- Kerberos KCM server implementa
 sssd-krb5  - System Security Services Daemon -- Kerberos back end
 sssd-krb5-common - System Security Services Daemon -- Kerberos helpers
 sssd-ldap  - System Security Services Daemon -- LDAP back end
 sssd-proxy - System Security Services Daemon -- proxy back end
 sssd-tools - System Security Services Daemon -- tools
Closes: 888207
Changes:
 sssd (1.16.0-5) unstable; urgency=medium
 .
   * rules: Disable files domain, it's not useful in Debian. (Closes:
     #888207)
Checksums-Sha1:
 5fcc431363acc55a45aa069a13e7a7f8c90f46f5 4605 sssd_1.16.0-5.dsc
 d8ea5d9cd0e98b9fd2ccbc27a197c2717af39940 50250 sssd_1.16.0-5.diff.gz
Checksums-Sha256:
 23387dbe3c32bc618dccb641f03cbdbfae446a9df95bb4892e7eea74ec4efcd9 4605 
sssd_1.16.0-5.dsc
 81ae5610502e7a325e173cf2031953f5e07a9dc776e052f27e26f81d3008ebdd 50250 
sssd_1.16.0-5.diff.gz
Files:
 1b97a5b1d9bc3c36bbbdb493432534cf 4605 utils extra sssd_1.16.0-5.dsc
 96df34739fc1f2abc31925b01e775ff4 50250 utils extra sssd_1.16.0-5.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJaaun1AAoJEMtwMWWoiYTchzkP/3/9t4k+qO2oJdQ4AhNiWc2C
v4xLw/hnJ5X/1W/X+sv6dtzuBdlVI7JiOCONCt+PiJHDqP6PFFswmybg1PrLf2bR
sgV6sQO92qVT5VLBG2lhfXe9OH4U7rVLP22UFfaem9ggTasNAf5FUDyHbE5SCSXr
9cKMnFuNX7+wwFvanHFsxoAKUq+3jwuTAnlgGUFfE9fgIb89PsW+PnOXv4JrF4tI
PR5mTwxl6g31iCw4AnZPew+tY9Y4L5NPA1+UNJaeuiHJfRFC3ZNlHr2Ggy4KP0mN
y53jUbtiz/l3zoCxXJtU6uxOLP0nkW5eIS7bmwfuAjI0u3Pnmrp/L2VFYhM9Pwvj
q7sxTbo8ARqf/MCWfubMwgcS0sA/gxxCFPx0+WmkAFHyxDYGkiv//cq5aMTfobqm
Vh1yg590F/fCofB9cdxuGYCSqcqPAYPcANsaBtBGzv4qpVtMibCN38cXrqGfTyX5
kLtOkbcidBWbPRHQP96mlt2aqo8ggtov094Gxg6Tpd8JO7pwnXyHHPxfI9S5RJvD
KyRl/DGrUvyHrjl5urITR8HYjiDR4Bp+/c6mx+JvIG5Wjk/Ek/cEWt0pH1wLIs+S
5fAxmK4Lup0DokLjWGPfmvWNwtfXyToj26g3TIBVOgs7GdO7mR0GSo4zZ7RliMls
knQCht0+jczfbMrvripW
=RNDb
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to