On (27/05/15 14:22), nat...@nathanpeters.com wrote:
>I have a CentOS 6.3 client with sssd 1.11.6-30.el6_6.4 installed and when
>one of my FreeIPA users tries to sudo (he has permissions via group
>membership) I get the following error in /var/log/messages
>
>May 27 20:51:34 ipaclient sssd[be[mydomain.net]]: dereference processing
>failed : Invalid argument
>
>I have read that this is a known bug
>(https://bugzilla.redhat.com/show_bug.cgi?id=1154042) and that the
>suggested fix is to add the following line to the domain section of the
>sssd.conf :
>
>ldap_group_object_class = ipaUserGroup
>
You cannot hit BZ1154042, because it is already fixed in 1.11.6-30.el6_6.4
@see https://bugzilla.redhat.com/show_bug.cgi?id=1165074

>I tried adding that and then restarting the client, but it did not fix the
>problem.  I have also read that this problem may only apply to POSIX
>groups so I removed my user from all POSIX groups, added him to non posix
>groups and then created some new sudo rules and hbac rules. I restarted
>the client again and still had the same issue where I could login but not
>sudo.
>
>Is there a known workaround that actually works?
>
>I see this bug is supposed to be fixed in sssd 1.11.8.  Is this version of
>sssd going to be released into any repo for CentOS 6?
>
No 1.11.8 will not be release in CentOS 6. CentOS just rebuild rhel src.rpm
packages. However rhel 6.7-beta has already sssd-1.12.4-x.

If you want you can test with pre-release of upstream 1.12.5
https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12-latest/

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to