[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
This bug was fixed in the package sssd - 1.16.1-1ubuntu1.2 --- sssd (1.16.1-1ubuntu1.2) bionic; urgency=medium * d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of crond for Debian and Ubuntu (LP: #1572908) -- Victor Tapia Wed, 27 Feb 2019 14:53:11 +0100 ** Changed in: sssd (Ubuntu Bionic) Status: Fix Committed => Fix Released ** Changed in: sssd (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
This bug was fixed in the package sssd - 1.13.4-1ubuntu1.14 --- sssd (1.13.4-1ubuntu1.14) xenial; urgency=medium * d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of crond for Debian and Ubuntu (LP: #1572908) -- Victor Tapia Mon, 11 Mar 2019 15:30:35 +0100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
This bug was fixed in the package sssd - 1.16.3-1ubuntu2.1 --- sssd (1.16.3-1ubuntu2.1) cosmic; urgency=medium * d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of crond for Debian and Ubuntu (LP: #1572908) -- Victor Tapia Wed, 27 Feb 2019 15:57:53 +0100 ** Changed in: sssd (Ubuntu Cosmic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
This bug was fixed in the package sssd - 1.16.3-3ubuntu1.1 --- sssd (1.16.3-3ubuntu1.1) disco; urgency=medium * d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of crond for Debian and Ubuntu (LP: #1572908) -- Victor Tapia Mon, 11 Mar 2019 13:48:26 +0100 ** Changed in: sssd (Ubuntu Disco) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
# VERIFICATION: XENIAL - Before the upgrade, the cron job does not run: ubuntu@xenial-sssd-ad:~$ dpkg -l | grep sssd ii sssd 1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- metapackage ii sssd-ad 1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- Active Directory back end ii sssd-ad-common1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- PAC responder ii sssd-common 1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- common files ii sssd-ipa 1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- IPA back end ii sssd-krb5 1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- Kerberos back end ii sssd-krb5-common 1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- Kerberos helpers ii sssd-ldap 1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- LDAP back end ii sssd-proxy1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- proxy back end ii sssd-tools1.13.4-1ubuntu1.13 amd64System Security Services Daemon -- tools ubuntu@xenial-sssd-ad:~$ tail /var/log/syslog -n20 | grep -i cron | tail -n2 May 6 14:54:01 xenial-sssd-ad cron[1048]: Permission denied May 6 14:54:01 xenial-sssd-ad CRON[24800]: Permission denied ubuntu@xenial-sssd-ad:~$ date Mon May 6 14:54:33 UTC 2019 ubuntu@xenial-sssd-ad:~$ sudo tail /var/spool/cron/crontabs/logonuser\@tests.local | grep -v ^# * * * * * touch /tmp/crontest - Using the version in -proposed, the cron job works: ubuntu@xenial-sssd-ad:~$ dpkg -l | grep sssd ii sssd 1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- metapackage ii sssd-ad 1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- Active Directory back end ii sssd-ad-common1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- PAC responder ii sssd-common 1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- common files ii sssd-ipa 1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- IPA back end ii sssd-krb5 1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- Kerberos back end ii sssd-krb5-common 1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- Kerberos helpers ii sssd-ldap 1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- LDAP back end ii sssd-proxy1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- proxy back end ii sssd-tools1.13.4-1ubuntu1.14 amd64System Security Services Daemon -- tools ubuntu@xenial-sssd-ad:~$ tail /var/log/syslog -n20 | grep -i cron | tail -n1 May 6 15:08:01 xenial-sssd-ad CRON[2706]: (logonuser@tests.local) CMD (touch /tmp/crontest) ubuntu@xenial-sssd-ad:~$ ll /tmp/crontest -rw-r--r-- 1 logonuser@tests.local domain users@tests.local 0 May 6 15:08 /tmp/crontest ubuntu@xenial-sssd-ad:~$ date Mon May 6 15:08:18 UTC 2019 ** Tags removed: verification-needed verification-needed-bionic verification-needed-cosmic verification-needed-disco verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
# VERIFICATION: DISCO - Before the upgrade, the cron job does not run: ubuntu@disco-sssd-ad:~$ date Mon May 6 11:30:29 UTC 2019 ubuntu@disco-sssd-ad:~$ tail /var/log/syslog | grep -i cron May 6 11:30:02 disco-sssd-ad cron[690]: Permission denied May 6 11:30:02 disco-sssd-ad CRON[14325]: Permission denied ubuntu@disco-sssd-ad:~$ sudo tail /var/spool/cron/crontabs/logonuser\@tests.local | grep -v ^# * * * * * touch /tmp/crontest ubuntu@disco-sssd-ad:~$ dpkg -l | grep sssd ii sssd 1.16.3-3ubuntu1 amd64 System Security Services Daemon -- metapackage ii sssd-ad 1.16.3-3ubuntu1 amd64 System Security Services Daemon -- Active Directory back end ii sssd-ad-common1.16.3-3ubuntu1 amd64 System Security Services Daemon -- PAC responder ii sssd-common 1.16.3-3ubuntu1 amd64 System Security Services Daemon -- common files ii sssd-dbus 1.16.3-3ubuntu1 amd64 System Security Services Daemon -- D-Bus responder ii sssd-ipa 1.16.3-3ubuntu1 amd64 System Security Services Daemon -- IPA back end ii sssd-kcm 1.16.3-3ubuntu1 amd64 System Security Services Daemon -- Kerberos KCM server implementation ii sssd-krb5 1.16.3-3ubuntu1 amd64 System Security Services Daemon -- Kerberos back end ii sssd-krb5-common 1.16.3-3ubuntu1 amd64 System Security Services Daemon -- Kerberos helpers ii sssd-ldap 1.16.3-3ubuntu1 amd64 System Security Services Daemon -- LDAP back end ii sssd-proxy1.16.3-3ubuntu1 amd64 System Security Services Daemon -- proxy back end ii sssd-tools1.16.3-3ubuntu1 amd64 System Security Services Daemon -- tools - Using the version in -proposed, the cron job works: ubuntu@disco-sssd-ad:~$ dpkg -l | grep sssd ii sssd 1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- metapackage ii sssd-ad 1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- Active Directory back end ii sssd-ad-common1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- PAC responder ii sssd-common 1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- common files ii sssd-dbus 1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- D-Bus responder ii sssd-ipa 1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- IPA back end ii sssd-kcm 1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- Kerberos KCM server implementation ii sssd-krb5 1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- Kerberos back end ii sssd-krb5-common 1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- Kerberos helpers ii sssd-ldap 1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- LDAP back end ii sssd-proxy1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- proxy back end ii sssd-tools1.16.3-3ubuntu1.1 amd64 System Security Services Daemon -- tools ubuntu@disco-sssd-ad:~$ date Mon May 6 14:35:03 UTC 2019 ubuntu@disco-sssd-ad:~$ ll /tmp/crontest -rw-r--r-- 1 logonuser@tests.local domain users@tests.local 0 May 6 14:35 /tmp/crontest ubuntu@disco-sssd-ad:~$ tail /var/log/syslog | grep -i cron | tail -n1 May 6 14:35:01 disco-sssd-ad CRON[16197]: (logonuser@tests.local) CMD (touch /tmp/crontest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
# VERIFICATION: COSMIC - Before the upgrade, the cron job does not run: ubuntu@cosmic-sssd-ad:~$ tail /var/log/syslog | grep -i cron May 6 12:02:01 cosmic-sssd-ad cron[18740]: Permission denied May 6 12:02:01 cosmic-sssd-ad CRON[18771]: Permission denied ubuntu@cosmic-sssd-ad:~$ date Mon May 6 12:02:23 UTC 2019 ubuntu@cosmic-sssd-ad:~$ sudo tail /var/spool/cron/crontabs/logonuser\@tests.local | grep -v ^# * * * * * touch /tmp/crontest ubuntu@cosmic-sssd-ad:~$ dpkg -l |grep sssd ii sssd 1.16.3-1ubuntu2 amd64 System Security Services Daemon -- metapackage ii sssd-ad 1.16.3-1ubuntu2 amd64 System Security Services Daemon -- Active Directory back end ii sssd-ad-common1.16.3-1ubuntu2 amd64 System Security Services Daemon -- PAC responder ii sssd-common 1.16.3-1ubuntu2 amd64 System Security Services Daemon -- common files ii sssd-dbus 1.16.3-1ubuntu2 amd64 System Security Services Daemon -- D-Bus responder ii sssd-ipa 1.16.3-1ubuntu2 amd64 System Security Services Daemon -- IPA back end ii sssd-krb5 1.16.3-1ubuntu2 amd64 System Security Services Daemon -- Kerberos back end ii sssd-krb5-common 1.16.3-1ubuntu2 amd64 System Security Services Daemon -- Kerberos helpers ii sssd-ldap 1.16.3-1ubuntu2 amd64 System Security Services Daemon -- LDAP back end ii sssd-proxy1.16.3-1ubuntu2 amd64 System Security Services Daemon -- proxy back end ii sssd-tools1.16.3-1ubuntu2 amd64 System Security Services Daemon -- tools - Using the version in -proposed, the cron job works: ubuntu@cosmic-sssd-ad:~$ dpkg -l | grep sssd ii sssd 1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- metapackage ii sssd-ad 1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- Active Directory back end ii sssd-ad-common1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- PAC responder ii sssd-common 1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- common files ii sssd-dbus 1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- D-Bus responder ii sssd-ipa 1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- IPA back end ii sssd-krb5 1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- Kerberos back end ii sssd-krb5-common 1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- Kerberos helpers ii sssd-ldap 1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- LDAP back end ii sssd-proxy1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- proxy back end ii sssd-tools1.16.3-1ubuntu2.1 amd64 System Security Services Daemon -- tools ubuntu@cosmic-sssd-ad:~$ tail /var/log/syslog | grep -i cron | tail -n1 May 6 14:14:01 cosmic-sssd-ad CRON[8985]: (logonuser@tests.local) CMD (touch /tmp/crontest) ubuntu@cosmic-sssd-ad:~$ date Mon May 6 14:14:14 UTC 2019 ubuntu@cosmic-sssd-ad:~$ ll /tmp/crontest -rw-r--r-- 1 logonuser@tests.local domain users@tests.local 0 May 6 14:14 /tmp/crontest -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
# VERIFICATION: BIONIC - Before the upgrade, the cron job does not run: ubuntu@bionic-sssd-ad:~$ dpkg -l|grep sssd ii sssd 1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- metapackage ii sssd-ad 1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- Active Directory back end ii sssd-ad-common1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- PAC responder ii sssd-common 1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- common files ii sssd-dbus 1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- D-Bus responder ii sssd-ipa 1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- IPA back end ii sssd-krb5 1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- Kerberos back end ii sssd-krb5-common 1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- Kerberos helpers ii sssd-ldap 1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- LDAP back end ii sssd-proxy1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- proxy back end ii sssd-tools1.16.1-1ubuntu1.1 amd64System Security Services Daemon -- tools ubuntu@bionic-sssd-ad:~$ sudo tail /var/spool/cron/crontabs/logonuser\@tests.local | grep -v ^# * * * * * touch /tmp/crontest ubuntu@bionic-sssd-ad:~$ tail -n20 /var/log/syslog | grep -i CRON May 6 11:04:01 bionic-sssd-ad cron[933]: Permission denied May 6 11:04:01 bionic-sssd-ad CRON[4605]: Permission denied ubuntu@bionic-sssd-ad:~$ date Mon May 6 11:04:22 UTC 2019 - Using the version in -proposed, the cron job works: ubuntu@bionic-sssd-ad:~$ dpkg -l | grep sssd ii sssd 1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- metapackage ii sssd-ad 1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- Active Directory back end ii sssd-ad-common1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- PAC responder ii sssd-common 1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- common files ii sssd-dbus 1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- D-Bus responder ii sssd-ipa 1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- IPA back end ii sssd-krb5 1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- Kerberos back end ii sssd-krb5-common 1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- Kerberos helpers ii sssd-ldap 1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- LDAP back end ii sssd-proxy1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- proxy back end ii sssd-tools1.16.1-1ubuntu1.2 amd64System Security Services Daemon -- tools ubuntu@bionic-sssd-ad:~$ ll /tmp/crontest -rw-r--r-- 1 logonuser@tests.local domain users@tests.local 0 May 6 14:07 /tmp/crontest ubuntu@bionic-sssd-ad:~$ date Mon May 6 14:07:07 UTC 2019 ubuntu@bionic-sssd-ad:~$ tail /var/log/syslog | grep -i cron ... May 6 14:07:01 bionic-sssd-ad CRON[27167]: (logonuser@tests.local) CMD (touch /tmp/crontest) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
Hello Franz, or anyone else affected, Accepted sssd into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sssd/1.16.3-1ubuntu2.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: sssd (Ubuntu Cosmic) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-cosmic ** Changed in: sssd (Ubuntu Disco) Status: In Progress => Fix Committed ** Tags added: verification-needed-disco -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
Sponsored for D/C/B/X. Thanks Victor ! ** Changed in: sssd (Ubuntu Xenial) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
# Pending SRU page : xenial Package -release-updates-proposed (signer, creator) changelog bugs days sssd1.13.4-1ubuntu1 1.13.4-1ubuntu1.12 1.13.4-1ubuntu1.13 (ahasenack) 1722936 1793882 52 I left an irc message to andreas for him to have a look. The above is blocking us to sponsor 'X' but we can sponsor D, C & B for now. 'X' will need to wait until it is released. Regards, Eric ** Changed in: sssd (Ubuntu Cosmic) Status: New => In Progress ** Changed in: sssd (Ubuntu Bionic) Status: New => In Progress ** Changed in: sssd (Ubuntu Xenial) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
This bug was fixed in the package sssd - 1.16.3-3ubuntu2 --- sssd (1.16.3-3ubuntu2) eoan; urgency=medium * d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of crond for Debian and Ubuntu (LP: #1572908) -- Victor Tapia Mon, 23 Apr 2019 13:48:26 +0100 ** Changed in: sssd (Ubuntu Eoan) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
Sponsored for 'eoan', considering the patch is merged upstream and already part of debian. Nitpick: - Rename quilt patch d/p/GPO_CROND-customization.diff to d/p/GPO_CROND-customization.patch - Rework the DEP3 header Note for next sponsoring (Disco debdiff) I haven't look others yet. A quick look at the Disco debdiff, the actual proposed disco version would need to be changed from "1.16.3-3ubuntu2" to "1.16.3-3ubuntu1.1" Thanks Eric ** Changed in: sssd (Ubuntu Eoan) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
The fix is included in sssd 1.16.4, currently in debian experimental -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Also affects: sssd (Ubuntu Eoan) Importance: Medium Assignee: Victor Tapia (vtapia) Status: In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Patch added: "eoan-sssd-gpo.debdiff" https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5258263/+files/eoan-sssd-gpo.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
note: waiting until after disco release to upload this due to freeze. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Description changed:
[Impact]
SSSD has GPO_CROND set to "crond" in its code while Debian/Ubuntu use
"cron" as a PAM service. This difference makes AD users have cron
blocked by default, instead of having it enabled.
[Test Case]
- With an Active Directory user created (e.g. logonuser@TESTS.LOCAL),
set a cron task:
logonuser@tests.local@xenial-sssd-ad:~$ crontab -l | grep -v ^#
* * * * * true /tmp/crontest
- If the default is set to "crond" the task is blocked:
# ag pam /var/log/ | grep -i denied | head -n 2
/var/log/auth.log.1:772:Feb 21 11:00:01 xenial-sssd-ad CRON[2387]:
pam_sss(cron:account): Access denied for user logonuser@tests.local: 6
(Permission denied)
/var/log/auth.log.1:773:Feb 21 11:01:01 xenial-sssd-ad CRON[2390]:
pam_sss(cron:account): Access denied for user logonuser@tests.local: 6
(Permission denied)
- Setting GPO_CROND to "cron" or adding "ad_gpo_map_batch = +cron" to
the configuration file solves the issue.
[Regression potential]
Minimal. The default value does not apply to Debian/Ubuntu, and those
who added a configuration option to circumvent the issue
("ad_gpo_map_batch = +cron") will continue working after this patch is
applied.
[Other Info]
- Upstream commit:
+ Upstream commit:
https://github.com/SSSD/sssd/commit/bc65ba9a07a924a58b13a0d5a935114ab72b7524
+
+ # git describe --contains bc65ba9a07a924a58b13a0d5a935114ab72b7524
+ sssd-2_1_0~14
+
+ # rmadison sssd
+ => sssd | 1.13.4-1ubuntu1.13 | xenial-proposed
+ => sssd | 1.16.1-1ubuntu1.1 | bionic-updates
+ => sssd | 1.16.3-1ubuntu2| cosmic
+ => sssd | 1.16.3-3ubuntu1| disco
+
[Original description]
User cron jobs has Access denied for user
pr 21 11:05:02 edvlw08 CRON[6848]: pam_sss(cron:account): Access denied for
user : 6 (Zugriff verweigert)
Apr 21 11:05:02 edvlw08 CRON[6848]: Zugriff verweigert
Apr 21 11:05:02 edvlw08 cron[965]: Zugriff verweigert
SSSD-AD Login works, i see also my AD groups
Description:Ubuntu 16.04 LTS
Release:16.04
sssd:
Installed: 1.13.4-1ubuntu1
Candidate: 1.13.4-1ubuntu1
Version table:
*** 1.13.4-1ubuntu1 500
500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
sssd-ad:
Installed: 1.13.4-1ubuntu1
Candidate: 1.13.4-1ubuntu1
Version table:
*** 1.13.4-1ubuntu1 500
500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
libpam-sss:
Installed: 1.13.4-1ubuntu1
Candidate: 1.13.4-1ubuntu1
Version table:
*** 1.13.4-1ubuntu1 500
500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
/ect/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = test.at
[nss]
default_shell = /bin/false
[domain/test.at]
decription = TEST - ActiveDirectory
enumerate = false
cache_credentials = true
id_provider = ad
auth_provider = ad
chpass_provider = ad
ad_domain = test.at
access_provider = ad
subdomains_provider = none
ldap_use_tokengroups = false
dyndns_update = true
krb5_realm = TEST.AT
krb5_store_password_if_offline = true
ldap_id_mapping = false
krb5_keytab = /etc/krb5.host.keytab
ldap_krb5_keytab = /etc/krb5.host.keytab
ldap_use_tokengroups = false
ldap_referrals = false
** Changed in: sssd (Ubuntu Disco)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron:account): Access denied for user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Changed in: sssd (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: sssd (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: sssd (Ubuntu Cosmic) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Tags added: sts-sponsor -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
The attachment "disco-sssd-gpo.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Patch added: "bionic-sssd-gpo.debdiff" https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5245457/+files/bionic-sssd-gpo.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Tags added: sts ** Patch added: "disco-sssd-gpo.debdiff" https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5245455/+files/disco-sssd-gpo.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Patch added: "cosmic-sssd-gpo.debdiff" https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5245456/+files/cosmic-sssd-gpo.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Patch added: "xenial-sssd-gpo.debdiff" https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+attachment/5245458/+files/xenial-sssd-gpo.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Description changed:
[Impact]
SSSD has GPO_CROND set to "crond" in its code while Debian/Ubuntu use
"cron" as a PAM service. This difference makes AD users have cron
blocked by default, instead of having it enabled.
[Test Case]
- With an Active Directory user created (e.g. logonuser@TESTS.LOCAL),
set a cron task:
logonuser@tests.local@xenial-sssd-ad:~$ crontab -l | grep -v ^#
* * * * * true /tmp/crontest
- If the default is set to "crond" the task is blocked:
# ag pam /var/log/ | grep -i denied | head -n 2
/var/log/auth.log.1:772:Feb 21 11:00:01 xenial-sssd-ad CRON[2387]:
pam_sss(cron:account): Access denied for user logonuser@tests.local: 6
(Permission denied)
/var/log/auth.log.1:773:Feb 21 11:01:01 xenial-sssd-ad CRON[2390]:
pam_sss(cron:account): Access denied for user logonuser@tests.local: 6
(Permission denied)
- Setting GPO_CROND to "cron" or adding "ad_gpo_map_batch = +cron" to
the configuration file solves the issue.
[Regression potential]
+ Minimal. The default value does not apply to Debian/Ubuntu, and those
+ who added a configuration option to circumvent the issue
+ ("ad_gpo_map_batch = +cron") will continue working after this patch is
+ applied.
+
[Other Info]
+
+ Upstream commit:
+ https://github.com/SSSD/sssd/commit/bc65ba9a07a924a58b13a0d5a935114ab72b7524
[Original description]
User cron jobs has Access denied for user
pr 21 11:05:02 edvlw08 CRON[6848]: pam_sss(cron:account): Access denied for
user : 6 (Zugriff verweigert)
Apr 21 11:05:02 edvlw08 CRON[6848]: Zugriff verweigert
Apr 21 11:05:02 edvlw08 cron[965]: Zugriff verweigert
SSSD-AD Login works, i see also my AD groups
Description:Ubuntu 16.04 LTS
Release:16.04
sssd:
Installed: 1.13.4-1ubuntu1
Candidate: 1.13.4-1ubuntu1
Version table:
*** 1.13.4-1ubuntu1 500
500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
sssd-ad:
Installed: 1.13.4-1ubuntu1
Candidate: 1.13.4-1ubuntu1
Version table:
*** 1.13.4-1ubuntu1 500
500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
libpam-sss:
Installed: 1.13.4-1ubuntu1
Candidate: 1.13.4-1ubuntu1
Version table:
*** 1.13.4-1ubuntu1 500
500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
/ect/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = test.at
[nss]
default_shell = /bin/false
[domain/test.at]
decription = TEST - ActiveDirectory
enumerate = false
cache_credentials = true
id_provider = ad
auth_provider = ad
chpass_provider = ad
ad_domain = test.at
access_provider = ad
subdomains_provider = none
ldap_use_tokengroups = false
dyndns_update = true
krb5_realm = TEST.AT
krb5_store_password_if_offline = true
ldap_id_mapping = false
krb5_keytab = /etc/krb5.host.keytab
ldap_krb5_keytab = /etc/krb5.host.keytab
ldap_use_tokengroups = false
ldap_referrals = false
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron:account): Access denied for user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Changed in: sssd (Ubuntu Disco) Status: Expired => Confirmed ** Changed in: sssd (Ubuntu Disco) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
** Description changed: + [Impact] + + SSSD has GPO_CROND set to "crond" in its code while Debian/Ubuntu use + "cron" as a PAM service. This difference makes AD users have cron + blocked by default, instead of having it enabled. + + [Test Case] + + - With an Active Directory user created (e.g. logonuser@TESTS.LOCAL), + set a cron task: + + logonuser@tests.local@xenial-sssd-ad:~$ crontab -l | grep -v ^# + * * * * * true /tmp/crontest + + - If the default is set to "crond" the task is blocked: + + # ag pam /var/log/ | grep -i denied | head -n 2 + /var/log/auth.log.1:772:Feb 21 11:00:01 xenial-sssd-ad CRON[2387]: pam_sss(cron:account): Access denied for user logonuser@tests.local: 6 (Permission denied) + /var/log/auth.log.1:773:Feb 21 11:01:01 xenial-sssd-ad CRON[2390]: pam_sss(cron:account): Access denied for user logonuser@tests.local: 6 (Permission denied) + + - Setting GPO_CROND to "cron" or adding "ad_gpo_map_batch = +cron" to + the configuration file solves the issue. + + [Regression potential] + + [Other Info] + + [Original description] + User cron jobs has Access denied for user pr 21 11:05:02 edvlw08 CRON[6848]: pam_sss(cron:account): Access denied for user : 6 (Zugriff verweigert) Apr 21 11:05:02 edvlw08 CRON[6848]: Zugriff verweigert Apr 21 11:05:02 edvlw08 cron[965]: Zugriff verweigert SSSD-AD Login works, i see also my AD groups - Description:Ubuntu 16.04 LTS Release:16.04 sssd: - Installed: 1.13.4-1ubuntu1 - Candidate: 1.13.4-1ubuntu1 - Version table: - *** 1.13.4-1ubuntu1 500 - 500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages - 100 /var/lib/dpkg/status + Installed: 1.13.4-1ubuntu1 + Candidate: 1.13.4-1ubuntu1 + Version table: + *** 1.13.4-1ubuntu1 500 + 500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages + 100 /var/lib/dpkg/status sssd-ad: - Installed: 1.13.4-1ubuntu1 - Candidate: 1.13.4-1ubuntu1 - Version table: - *** 1.13.4-1ubuntu1 500 - 500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages - 100 /var/lib/dpkg/status + Installed: 1.13.4-1ubuntu1 + Candidate: 1.13.4-1ubuntu1 + Version table: + *** 1.13.4-1ubuntu1 500 + 500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages + 100 /var/lib/dpkg/status libpam-sss: - Installed: 1.13.4-1ubuntu1 - Candidate: 1.13.4-1ubuntu1 - Version table: - *** 1.13.4-1ubuntu1 500 - 500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages - 100 /var/lib/dpkg/status - + Installed: 1.13.4-1ubuntu1 + Candidate: 1.13.4-1ubuntu1 + Version table: + *** 1.13.4-1ubuntu1 500 + 500 http://at.archive.ubuntu.com/ubuntu xenial/main amd64 Packages + 100 /var/lib/dpkg/status /ect/sssd/sssd.conf [sssd] services = nss, pam config_file_version = 2 domains = test.at [nss] default_shell = /bin/false [domain/test.at] decription = TEST - ActiveDirectory enumerate = false cache_credentials = true id_provider = ad auth_provider = ad chpass_provider = ad ad_domain = test.at access_provider = ad subdomains_provider = none ldap_use_tokengroups = false dyndns_update = true krb5_realm = TEST.AT krb5_store_password_if_offline = true ldap_id_mapping = false krb5_keytab = /etc/krb5.host.keytab ldap_krb5_keytab = /etc/krb5.host.keytab ldap_use_tokengroups = false ldap_referrals = false ** Also affects: sssd (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: sssd (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: sssd (Ubuntu Disco) Importance: Undecided Status: Expired ** Also affects: sssd (Ubuntu Cosmic) Importance: Undecided Status: New ** Changed in: sssd (Ubuntu Xenial) Assignee: (unassigned) => Victor Tapia (vtapia) ** Changed in: sssd (Ubuntu Bionic) Assignee: (unassigned) => Victor Tapia (vtapia) ** Changed in: sssd (Ubuntu Cosmic) Assignee: (unassigned) => Victor Tapia (vtapia) ** Changed in: sssd (Ubuntu Disco) Assignee: (unassigned) => Victor Tapia (vtapia) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
As johannes-martin pointed out default value for ad_gpo_map_batch doesn't work on Ubuntu Xenial and newer because cron service runs as cron not crond. Solution to this issue would be listing cron as PAM service name and restarting sssd. ad_gpo_map_batch = +cron -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
According to man sssd-ad, the default configuration of sssd should allow cron jobs to be run: --- ad_gpo_map_batch (string) A comma-separated list of PAM service names for which GPO-based access control is evaluated based on the BatchLogonRight and DenyBatchLogonRight policy settings. Note: Using the Group Policy Management Editor this value is called "Allow log on as a batch job" and "Deny log on as a batch job". It is possible to add another PAM service name to the default set by using “+service_name” or to explicitly remove a PAM service name from the default set by using “-service_name”. For example, in order to replace a default PAM service name for this logon right (e.g. “crond”) with a custom pam service name (e.g. “my_pam_service”), you would use the following configuration: ad_gpo_map_batch = +my_pam_service, -crond Default: the default set of PAM service names includes: · crond --- Could it be that the service name in Ubuntu differs from the configured service name (crond). >From the log: Feb 8 10:40:01 host CRON[10308]: pam_sss(cron:account): Access denied for user someone: 6 (Permission denied) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
I am getting the same error. It looks like the below site ha expired: https://fedorahosted.org/sssd/wiki/Troubleshooting Please suggest. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
[Expired for sssd (Ubuntu) because there has been no activity for 60 days.] ** Changed in: sssd (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
This seems to be the current troubleshooting guide: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html Please obtain relevant log files and attach them to this bug, otherwise we won't be able to make progress. Thanks ** Changed in: sssd (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
This seems to be the current troubleshooting guide: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html Please obtain relevant log files and attach them to this bug, otherwise we won't be able to make progress. Thanks ** Changed in: sssd (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to sssd in Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
Is it possible to use local user access control for cron with /etc/security/access.conf? + : username : cron crond : ALL Presuming I need to do this: /etc/pam.d/cron:account required pam_access.so -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
Same problem on xubuntu 16.10 incl. all updates. Cronjob throws 'no permission' error. Had to do both: - create /var/lib/sss/gpo_cache/domain.lan and add - ad_gpo_access_control = permissive to sssd.conf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
just create /var/lib/sss/gpo_cache/ and chmod it, sssd should be able to create the subdirectory -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
Check if you have /var/lib/sss/gpo_cache/test.at directory. I had to crate manually both gpo_cache and mydomain. mkdir -pv /var/lib/sss/gpo_cache/test.at chown -R sssd. /var/lib/sss/gpo_cache systemctl restart sssd -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
reopening ** Changed in: sssd (Ubuntu) Status: Invalid => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
6 is access denied, 4 would be system error :-) I'm happy the workaround helps you, but it would still be nice to see the logs. We've had, for example, issues with certain GPO files not being INI-formatted (some lines were missing the equals sign) and at the moment sssd can't parse them. Or this can be a completely different issue...really, tough to say what's going on without the logs.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
On 05/03/2016 06:27 AM, Robie Basak wrote: > Thank you for helping with this Jakub. From Franz's response I presume > this issue is now resolved? Setting this bug as Invalid accordingly. If > this is incorrect please feel free to open with an explanation. > > ** Changed in: sssd (Ubuntu) >Status: Confirmed => Invalid > That is incorrect. By changing that setting, it actually disables policy enforcement from AD (which is probably not what is desired). The error code 6 indicates PAM_SYSTEM_ERR, which means that a bug happened and SSSD was unable to make a proper determination of access (thus it defaults to denial for safety). So this is still a bug and logs will be needed to figure out what failed. See: https://fedorahosted.org/sssd/wiki/Troubleshooting -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
Thank you for helping with this Jakub. From Franz's response I presume this issue is now resolved? Setting this bug as Invalid accordingly. If this is incorrect please feel free to open with an explanation. ** Changed in: sssd (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
ad_gpo_access_control = permissive works now my user cronjobs works again thx -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
One though..in AD code we had some issues with GPO policy enforcement. You can test if its your case by setting: ad_gpo_access_control = permissive -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
Please follow https://fedorahosted.org/sssd/wiki/Troubleshooting to see why you're denied access, there is no way for anyone to make an informed decision without log files. Also ldap_use_tokengroups = false is likely to have negative performance impact on your environment. Lastly, drop ldap_use_tokengroups = false from the config file, it's already the default for the ad provider. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572908] Re: sssd-ad pam_sss(cron:account): Access denied for user
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: sssd (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572908 Title: sssd-ad pam_sss(cron:account): Access denied for user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
