Package: sssd Version: 2.3.0-2 Severity: grave Justification: renders package unusable
This locks me out of my systems. $ sudo -l [sudo] password for sam.morris@ad.domain.example: Sorry, try again. [sudo] password for sam.morris@ad.domain.example: Sorry, try again. [sudo] password for sam.morris@ad.domain.example: sudo: 3 incorrect password attempts Each authentication attempt logs the following in sssd_pam.log: (2020-07-16 18:08:38): [pam] [sysdb_search_user_by_upn_res] (0x0040): Search for upn [sam.morris@ad.domain.example] returns more than one result. One of the possible reasons can be that several users share the same email address. (2020-07-16 18:08:38): [pam] [sysdb_search_user_by_upn] (0x0040): Error: 22 (Invalid argument) (2020-07-16 18:08:38): [pam] [sysdb_initgroups_by_upn] (0x0040): sysdb_search_user_by_upn() failed. (2020-07-16 18:08:38): [pam] [cache_req_search_cache] (0x0020): CR #12: Unable to lookup [sam.morris@ad.domain.example] in cache [22]: Invalid argument (2020-07-16 18:08:38): [pam] [pam_check_user_search_next] (0x0020): Fatal error, killing connection! My user exists in an Active Directory domain that has a one-way trust established via FreeIPA. We do indeed have several users with the same email address. That's (until now) been a perfectly valid setup (one human has several accounts for performing different roles and they all have the same email address). Downgrading to 2.2.3-3 fixes the problem. It's necessary to remove the sssd database after downgrading. I've had a quick scan of the commits between 2.2.3 and 2.3.0 and nothing's jumped out at me yet. I'll take another look later... -- System Information: Debian Release: 10.3 APT prefers stable-debug APT policy: (570, 'stable-debug'), (570, 'stable'), (550, 'testing-debug'), (550, 'testing'), (530, 'unstable-debug'), (530, 'unstable'), (500, 'stable-updates'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_USER Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: default Versions of packages sssd depends on: ii python3-sss 2.3.0-2 ii sssd-ad 2.3.0-2 ii sssd-common 2.3.0-2 ii sssd-ipa 2.3.0-2 ii sssd-krb5 2.3.0-2 ii sssd-ldap 2.3.0-2 ii sssd-proxy 2.3.0-2 sssd recommends no packages. sssd suggests no packages. -- no debconf information