Your message dated Fri, 26 Jan 2018 09:25:18 +0000 with message-id <[email protected]> and subject line Bug#888207: fixed in sssd 1.16.0-5 has caused the Debian Bug report #888207, regarding sssd authentication errors for local users to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 888207: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888207 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: sssd Version: 1.16.0-3 Severity: normal * What led up to the situation? This machine is running debian testing (with sssd 1.16.0-3 installed). It has a mix of local users and users who log in through sssd. In the past the two were compatible. If local users could log in with their local password, sss users could log in with their ad password, and if someone happened to have both accounts they could log in with either password and would be given their local uid. Now when users with local accounts authenticate a "System error" is reported in auth.log. E.G. Jan 23 17:05:48 ###### su[22022]: pam_sss(su:auth): received for user ######: 4 (System error) For users with both sss and local accounts this prevents them from using their ad passwords. Local users can still successfully use their local passwords. * What exactly did you do (or not do) that was effective (or ineffective)? I have tried reordering various things in nssswitch.conf and the pam stack, as well as numerious sssd options. * What was the outcome of this action? Nothing I did with pam, nsswitch or the sssd conf files had any affect. The only clue in the log files is in sssd_pam where there are lines like: (Tue Jan 23 17:02:44 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error. (Tue Jan 23 17:02:44 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. There are no entries in krb5_child.log, sssd.log, or the domain logs which correspond to these login attempts. * What outcome did you expect instead? Previously the system would successfully attempt to validate the credentials for local users, either returning unknown user or checking the password for local users with ad accounts. *** End of the template - remove these template lines *** -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.14.0-3-amd64 (SMP w/24 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages sssd depends on: ii python3-sss 1.16.0-3 ii sssd-ad 1.16.0-3 ii sssd-common 1.16.0-3 ii sssd-ipa 1.16.0-3 ii sssd-krb5 1.16.0-3 ii sssd-ldap 1.16.0-3 ii sssd-proxy 1.16.0-3 sssd recommends no packages. sssd suggests no packages. -- debconf-show failed
--- End Message ---
--- Begin Message ---Source: sssd Source-Version: 1.16.0-5 We believe that the bug you reported is fixed in the latest version of sssd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Timo Aaltonen <[email protected]> (supplier of updated sssd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 26 Jan 2018 10:42:17 +0200 Source: sssd Binary: sssd sssd-common sssd-ad sssd-ad-common sssd-dbus sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libnss-sss libpam-sss libipa-hbac0 libipa-hbac-dev libsss-certmap0 libsss-certmap-dev libsss-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev libsss-sudo libsss-simpleifp0 libsss-simpleifp-dev libwbclient-sssd libwbclient-sssd-dev python-libipa-hbac python-libsss-nss-idmap python-sss python3-libipa-hbac python3-libsss-nss-idmap python3-sss Architecture: source Version: 1.16.0-5 Distribution: unstable Urgency: medium Maintainer: Debian SSSD Team <[email protected]> Changed-By: Timo Aaltonen <[email protected]> Description: libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files libipa-hbac0 - FreeIPA HBAC Evaluator library libnss-sss - Nss library for the System Security Services Daemon libpam-sss - Pam module for the System Security Services Daemon libsss-certmap-dev - Certificate mapping library for SSSD -- development files libsss-certmap0 - Certificate mapping library for SSSD libsss-idmap-dev - ID mapping library for SSSD -- development files libsss-idmap0 - ID mapping library for SSSD libsss-nss-idmap-dev - SID based lookups library for SSSD -- development files libsss-nss-idmap0 - SID based lookups library for SSSD libsss-simpleifp-dev - SSSD D-Bus responder helper library -- development files libsss-simpleifp0 - SSSD D-Bus responder helper library libsss-sudo - Communicator library for sudo libwbclient-sssd - SSSD libwbclient implementation libwbclient-sssd-dev - SSSD libwbclient implementation -- development files python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library python-libsss-nss-idmap - Python bindings for the SID lookups library python-sss - Python module for the System Security Services Daemon python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library python3-libsss-nss-idmap - Python3 bindings for the SID lookups library python3-sss - Python3 module for the System Security Services Daemon sssd - System Security Services Daemon -- metapackage sssd-ad - System Security Services Daemon -- Active Directory back end sssd-ad-common - System Security Services Daemon -- PAC responder sssd-common - System Security Services Daemon -- common files sssd-dbus - System Security Services Daemon -- D-Bus responder sssd-ipa - System Security Services Daemon -- IPA back end sssd-kcm - System Security Services Daemon -- Kerberos KCM server implementa sssd-krb5 - System Security Services Daemon -- Kerberos back end sssd-krb5-common - System Security Services Daemon -- Kerberos helpers sssd-ldap - System Security Services Daemon -- LDAP back end sssd-proxy - System Security Services Daemon -- proxy back end sssd-tools - System Security Services Daemon -- tools Closes: 888207 Changes: sssd (1.16.0-5) unstable; urgency=medium . * rules: Disable files domain, it's not useful in Debian. (Closes: #888207) Checksums-Sha1: 5fcc431363acc55a45aa069a13e7a7f8c90f46f5 4605 sssd_1.16.0-5.dsc d8ea5d9cd0e98b9fd2ccbc27a197c2717af39940 50250 sssd_1.16.0-5.diff.gz Checksums-Sha256: 23387dbe3c32bc618dccb641f03cbdbfae446a9df95bb4892e7eea74ec4efcd9 4605 sssd_1.16.0-5.dsc 81ae5610502e7a325e173cf2031953f5e07a9dc776e052f27e26f81d3008ebdd 50250 sssd_1.16.0-5.diff.gz Files: 1b97a5b1d9bc3c36bbbdb493432534cf 4605 utils extra sssd_1.16.0-5.dsc 96df34739fc1f2abc31925b01e775ff4 50250 utils extra sssd_1.16.0-5.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJaaun1AAoJEMtwMWWoiYTchzkP/3/9t4k+qO2oJdQ4AhNiWc2C v4xLw/hnJ5X/1W/X+sv6dtzuBdlVI7JiOCONCt+PiJHDqP6PFFswmybg1PrLf2bR sgV6sQO92qVT5VLBG2lhfXe9OH4U7rVLP22UFfaem9ggTasNAf5FUDyHbE5SCSXr 9cKMnFuNX7+wwFvanHFsxoAKUq+3jwuTAnlgGUFfE9fgIb89PsW+PnOXv4JrF4tI PR5mTwxl6g31iCw4AnZPew+tY9Y4L5NPA1+UNJaeuiHJfRFC3ZNlHr2Ggy4KP0mN y53jUbtiz/l3zoCxXJtU6uxOLP0nkW5eIS7bmwfuAjI0u3Pnmrp/L2VFYhM9Pwvj q7sxTbo8ARqf/MCWfubMwgcS0sA/gxxCFPx0+WmkAFHyxDYGkiv//cq5aMTfobqm Vh1yg590F/fCofB9cdxuGYCSqcqPAYPcANsaBtBGzv4qpVtMibCN38cXrqGfTyX5 kLtOkbcidBWbPRHQP96mlt2aqo8ggtov094Gxg6Tpd8JO7pwnXyHHPxfI9S5RJvD KyRl/DGrUvyHrjl5urITR8HYjiDR4Bp+/c6mx+JvIG5Wjk/Ek/cEWt0pH1wLIs+S 5fAxmK4Lup0DokLjWGPfmvWNwtfXyToj26g3TIBVOgs7GdO7mR0GSo4zZ7RliMls knQCht0+jczfbMrvripW =RNDb -----END PGP SIGNATURE-----
--- End Message ---

