[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Launchpad Bug Tracker]

This bug was fixed in the package sssd - 1.13.4-1ubuntu1.7

---
sssd (1.13.4-1ubuntu1.7) xenial; urgency=medium

  * d/rules, d/sssd-common.install: Fix sssd_krb5_locator_plugin install path.
(LP: #1664566)

 -- Andreas Hasenack   Fri, 21 Jul 2017 14:17:56
-0300

** Changed in: sssd (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

Xenial verification

Confirmation of the bug with the current package:
- login failed:
Aug 21 12:14:06 xenial-sssd-sru-1664566 [sssd[krb5_child[4787]]]: Cannot find 
KDC for realm "EXAMPLE.COM"
Aug 21 12:14:06 xenial-sssd-sru-1664566 [sssd[krb5_child[4787]]]: Cannot find 
KDC for realm "EXAMPLE.COM"

- terminal:
ubuntu@xenial-sssd-sru-1664566:~$ sudo login
xenial-sssd-sru-1664566 login: ubuntu
Password: 

Login incorrect
xenial-sssd-sru-1664566 login: 


With packages from proposed the test case passes:
$ apt-cache policy sssd
sssd:
  Installed: 1.13.4-1ubuntu1.7
  Candidate: 1.13.4-1ubuntu1.7
  Version table:
 *** 1.13.4-1ubuntu1.7 500
500 http://br.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 
Packages
100 /var/lib/dpkg/status
 1.13.4-1ubuntu1.6 500
500 http://br.archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
 1.13.4-1ubuntu1 500
500 http://br.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

Retrying login:
ubuntu@xenial-sssd-sru-1664566:~$ sudo login
xenial-sssd-sru-1664566 login: ubuntu
Password: 
Last login: Mon Aug 21 12:13:39 UTC 2017 from 10.0.100.1 on pts/1
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-32-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support:https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud

18 packages can be updated.
0 updates are security updates.

We have a kerberos ticket:
ubuntu@xenial-sssd-sru-1664566:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000_ctLjPX
Default principal: ubu...@example.com

Valid starting   Expires  Service principal
08/21/2017 12:15:22  08/21/2017 22:15:22  krbtgt/example@example.com
renew until 08/22/2017 12:15:22


And a new plain kinit fails as expected:
ubuntu@xenial-sssd-sru-1664566:~$ kdestroy
ubuntu@xenial-sssd-sru-1664566:~$ kinit
kinit: Cannot find KDC for realm "LOCALHOST" while getting initial credentials
ubuntu@xenial-sssd-sru-1664566:~$ 


** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

Xenial verification

Confirmation of the bug with the current package:
- login failed:
Aug 21 12:14:06 xenial-sssd-sru-1664566 [sssd[krb5_child[4787]]]: Cannot find 
KDC for realm "EXAMPLE.COM"
Aug 21 12:14:06 xenial-sssd-sru-1664566 [sssd[krb5_child[4787]]]: Cannot find 
KDC for realm "EXAMPLE.COM"

- terminal:
ubuntu@xenial-sssd-sru-1664566:~$ sudo login
xenial-sssd-sru-1664566 login: ubuntu
Password: 

Login incorrect
xenial-sssd-sru-1664566 login: 


With packages from proposed the test case passes:
$ apt-cache policy sssd
sssd:
  Installed: 1.13.4-1ubuntu1.7
  Candidate: 1.13.4-1ubuntu1.7
  Version table:
 *** 1.13.4-1ubuntu1.7 500
500 http://br.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 
Packages
100 /var/lib/dpkg/status
 1.13.4-1ubuntu1.6 500
500 http://br.archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
 1.13.4-1ubuntu1 500
500 http://br.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

Retrying login:
ubuntu@xenial-sssd-sru-1664566:~$ sudo login
xenial-sssd-sru-1664566 login: ubuntu
Password: 
Last login: Mon Aug 21 12:13:39 UTC 2017 from 10.0.100.1 on pts/1
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-32-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support:https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud

18 packages can be updated.
0 updates are security updates.

We have a kerberos ticket:
ubuntu@xenial-sssd-sru-1664566:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000_ctLjPX
Default principal: ubu...@example.com

Valid starting   Expires  Service principal
08/21/2017 12:15:22  08/21/2017 22:15:22  krbtgt/example@example.com
renew until 08/22/2017 12:15:22


And a new plain kinit fails as expected:
ubuntu@xenial-sssd-sru-1664566:~$ kdestroy
ubuntu@xenial-sssd-sru-1664566:~$ kinit
kinit: Cannot find KDC for realm "LOCALHOST" while getting initial credentials
ubuntu@xenial-sssd-sru-1664566:~$ 


** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Brian Murray]

Hello Michael, or anyone else affected,

Accepted sssd into xenial-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/sssd/1.13.4-1ubuntu1.7
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, details of your
testing will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: sssd (Ubuntu Xenial)
   Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

I filed https://bugs.launchpad.net/debian/+source/krb5/+bug/1710634 to
fix the libkrb5 plugins directory location and creation. There is no
such plugin shipped with krb5 itself, that's why this was never noticed
before I believe.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

I filed https://bugs.launchpad.net/debian/+source/krb5/+bug/1710634 to
fix the libkrb5 plugins directory location and creation. There is no
such plugin shipped with krb5 itself, that's why this was never noticed
before I believe.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[ChristianEhrhardt]

Reviewed the changes and sponsored the Upload, SRU Template ready and in 
unapproved now.
Thanks for your work Andreas!
Ready for the SRU Team to evaluate.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

** Description changed:

- Hi,
+ [Impact]
  
- I'm on Ubuntu 16.04 LTS, sssd-common 1.13.4-1ubuntu1.1, libkrb5-3
- 1.13.2+dfsg-5.
+ Users cannot rely on the sssd krb5 locator plugin. Effect varies from
+ slow logins (client trying to reach many different KDCs instead of
+ directly the one specified by sssd configuration) to failed logins.
  
- I'm in an environment with several Active Directory sites, each with a
- domain controller. When remote sites' DCs are unreachable because of a
- VPN outage, password authentication is slow or fails. tcpdump shows the
- system is trying to talk to the other sites' domain controllers, and
- timing out.
+ The bug is simple, and so is the fix. The plugin was installed in the
+ wrong directory.
  
- sssd-common installs the locator plugin at /usr/lib/x86_64-linux-
- gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so.
  
- But I can see in strace that Kerberos apps are looking for plugins in
- /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs
- krb5).
+ [Test Case]
+ This test case does not reproduce the exact case reported by the user, but is 
good enough to prove that the plugin is not loaded in the broken package, and 
is loaded just fine in the fixed package.
  
- open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5",
- O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or
- directory)
+ * install the packages on a xenial system. I suggest using LXD:
+ $ sudo apt install sssd krb5-kdc krb5-admin-server libpam-sss
  
- As a result, Kerberos doesn't respect SSSD's Active Directory site
- selection.
+ For the kerberos prompts, answer:
+ - default kerberos realm: EXAMPLE.COM
+ - kerberos servers: just hit enter
+ - administrative server: just hit enter
  
- As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5
- to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection works
- as expected.
+ * create the EXAMPLE.COM realm. Use any password during the creation, it 
doesn't matter:
+ $ sudo krb5_newrealm
  
- Mailing list ref: 
https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/
- --- 
- ApportVersion: 2.20.1-0ubuntu2.4
- Architecture: amd64
- DistroRelease: Ubuntu 16.04
- JournalErrors:
-  Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] 
failed with exit code 1: Hint: You are currently not seeing messages from other 
users and the system.
-Users in the 'systemd-journal' group can see all messages. Pass -q to
-turn off this notice.
-  No journal files were opened due to insufficient permissions.
- Package: sssd 1.13.4-1ubuntu1.1
- PackageArchitecture: amd64
- ProcEnviron:
-  TERM=xterm-256color
-  PATH=(custom, no user)
-  XDG_RUNTIME_DIR=
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
- ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
- Tags:  xenial uec-images
- Uname: Linux 4.4.0-47-generic x86_64
- UpgradeStatus: No upgrade log present (probably fresh install)
- UserGroups:
-  
- _MarkForUpload: True
+ * create the ubuntu principal in the EXAMPLE.COM realm with a password of 
"ubuntu". Note: please make sure your local ubuntu user uses a different 
password, or has none at all. When we login succesfully later, we want to be 
sure it was via kerberos, and not the local user.
+ $ sudo kadmin.local -q "addprinc -pw ubuntu ubu...@example.com"
+ 
+ * configure the krb5 libraries to use a fake realm by default
+ - edit /etc/krb5.conf
+ - replace the default_realm value in [libdefaults] with LOCALHOST (just so it 
fails quickly):
+   [libdefaults]
+   default_realm = LOCALHOST
+ - do not restart the kerberos services
+ 
+ * Create the sssd configuration file /etc/sssd/sssd.conf with these contents:
+ """
+ [sssd]
+ config_file_version = 2
+ services = pam
+ domains = kerberos.example.com
+ 
+ [pam]
+ 
+ [domain/kerberos.example.com]
+ id_provider = proxy
+ proxy_lib_name = files
+ auth_provider = krb5
+ krb5_server = YOURADDRESS
+ krb5_realm = EXAMPLE.COM
+ """
+ - replace YOURADDRESS with the IP of your test container or VM (do not use 
127.0.0.1)
+ - IMPORTANT: sudo chmod 0600 /etc/sssd/sssd.conf
+ 
+ * Start sssd:
+ $ sudo systemctl start sssd.service
+ 
+ * in one terminal:
+ $ tail -f /var/log/syslog
+ 
+ * in another terminal, run:
+ $ sudo login (or just become root and run login)
+ 
+ * attempt to login as ubuntu with the kerberos password created earlier 
"ubuntu"):
+ $ sudo login
+ xenial-sssd-krb5-locator-1664566 login: ubuntu
+ Password:
+ 
+ Login incorrect
+ 
+ * observe that syslog complains about not finding the the KDC for the 
EXAMPLE.COM realm:
+ Jul 21 21:03:40 xenial-sssd-krb5-locator-1664566 [sssd[krb5_child[13628]]]: 
Cannot find KDC for realm "EXAMPLE.COM"
+ 
+ * /var/log/auth will report a general PAM error with no specifics
+ 
+ * install the fixed packages from proposed
+ 
+ * retry the login as ubuntu:
+ - login succeeds
+ - no errors in /var/log/syslog
+ - /var/log/auth will 

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

** Description changed:

- Hi,
+ [Impact]
  
- I'm on Ubuntu 16.04 LTS, sssd-common 1.13.4-1ubuntu1.1, libkrb5-3
- 1.13.2+dfsg-5.
+ Users cannot rely on the sssd krb5 locator plugin. Effect varies from
+ slow logins (client trying to reach many different KDCs instead of
+ directly the one specified by sssd configuration) to failed logins.
  
- I'm in an environment with several Active Directory sites, each with a
- domain controller. When remote sites' DCs are unreachable because of a
- VPN outage, password authentication is slow or fails. tcpdump shows the
- system is trying to talk to the other sites' domain controllers, and
- timing out.
+ The bug is simple, and so is the fix. The plugin was installed in the
+ wrong directory.
  
- sssd-common installs the locator plugin at /usr/lib/x86_64-linux-
- gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so.
  
- But I can see in strace that Kerberos apps are looking for plugins in
- /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs
- krb5).
+ [Test Case]
+ This test case does not reproduce the exact case reported by the user, but is 
good enough to prove that the plugin is not loaded in the broken package, and 
is loaded just fine in the fixed package.
  
- open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5",
- O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or
- directory)
+ * install the packages on a xenial system. I suggest using LXD:
+ $ sudo apt install sssd krb5-kdc krb5-admin-server libpam-sss
  
- As a result, Kerberos doesn't respect SSSD's Active Directory site
- selection.
+ For the kerberos prompts, answer:
+ - default kerberos realm: EXAMPLE.COM
+ - kerberos servers: just hit enter
+ - administrative server: just hit enter
  
- As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5
- to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection works
- as expected.
+ * create the EXAMPLE.COM realm. Use any password during the creation, it 
doesn't matter:
+ $ sudo krb5_newrealm
  
- Mailing list ref: 
https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/
- --- 
- ApportVersion: 2.20.1-0ubuntu2.4
- Architecture: amd64
- DistroRelease: Ubuntu 16.04
- JournalErrors:
-  Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] 
failed with exit code 1: Hint: You are currently not seeing messages from other 
users and the system.
-Users in the 'systemd-journal' group can see all messages. Pass -q to
-turn off this notice.
-  No journal files were opened due to insufficient permissions.
- Package: sssd 1.13.4-1ubuntu1.1
- PackageArchitecture: amd64
- ProcEnviron:
-  TERM=xterm-256color
-  PATH=(custom, no user)
-  XDG_RUNTIME_DIR=
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
- ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
- Tags:  xenial uec-images
- Uname: Linux 4.4.0-47-generic x86_64
- UpgradeStatus: No upgrade log present (probably fresh install)
- UserGroups:
-  
- _MarkForUpload: True
+ * create the ubuntu principal in the EXAMPLE.COM realm with a password of 
"ubuntu". Note: please make sure your local ubuntu user uses a different 
password, or has none at all. When we login succesfully later, we want to be 
sure it was via kerberos, and not the local user.
+ $ sudo kadmin.local -q "addprinc -pw ubuntu ubu...@example.com"
+ 
+ * configure the krb5 libraries to use a fake realm by default
+ - edit /etc/krb5.conf
+ - replace the default_realm value in [libdefaults] with LOCALHOST (just so it 
fails quickly):
+   [libdefaults]
+   default_realm = LOCALHOST
+ - do not restart the kerberos services
+ 
+ * Create the sssd configuration file /etc/sssd/sssd.conf with these contents:
+ """
+ [sssd]
+ config_file_version = 2
+ services = pam
+ domains = kerberos.example.com
+ 
+ [pam]
+ 
+ [domain/kerberos.example.com]
+ id_provider = proxy
+ proxy_lib_name = files
+ auth_provider = krb5
+ krb5_server = YOURADDRESS
+ krb5_realm = EXAMPLE.COM
+ """
+ - replace YOURADDRESS with the IP of your test container or VM (do not use 
127.0.0.1)
+ - IMPORTANT: sudo chmod 0600 /etc/sssd/sssd.conf
+ 
+ * Start sssd:
+ $ sudo systemctl start sssd.service
+ 
+ * in one terminal:
+ $ tail -f /var/log/syslog
+ 
+ * in another terminal, run:
+ $ sudo login (or just become root and run login)
+ 
+ * attempt to login as ubuntu with the kerberos password created earlier 
"ubuntu"):
+ $ sudo login
+ xenial-sssd-krb5-locator-1664566 login: ubuntu
+ Password:
+ 
+ Login incorrect
+ 
+ * observe that syslog complains about not finding the the KDC for the 
EXAMPLE.COM realm:
+ Jul 21 21:03:40 xenial-sssd-krb5-locator-1664566 [sssd[krb5_child[13628]]]: 
Cannot find KDC for realm "EXAMPLE.COM"
+ 
+ * /var/log/auth will report a general PAM error with no specifics
+ 
+ * install the fixed packages from proposed
+ 
+ * retry the login as ubuntu:
+ - login succeeds
+ - no errors in /var/log/syslog
+ - /var/log/auth will 

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Launchpad Bug Tracker]

** Merge proposal linked:
   
https://code.launchpad.net/~ahasenack/ubuntu/+source/sssd/+git/sssd/+merge/327922

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

** Changed in: sssd (Ubuntu Xenial)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

** Changed in: sssd (Ubuntu Xenial)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

I'll work on this next.

** Changed in: sssd (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: sssd (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: sssd (Ubuntu Xenial)
 Assignee: (unassigned) => Andreas Hasenack (ahasenack)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

I'll work on this next.

** Changed in: sssd (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: sssd (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: sssd (Ubuntu Xenial)
 Assignee: (unassigned) => Andreas Hasenack (ahasenack)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Nish Aravamudan]

** Also affects: sssd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

** Tags added: server-next

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Andreas Hasenack]

** Tags added: server-next

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Nish Aravamudan]

** Also affects: sssd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[David Flynn]

Please can this fix be backported to xenial, otherwise AD integration can be 
quite
flakey for the current LTS release and the problem/fix is not immediately 
obvious.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Launchpad Bug Tracker]

This bug was fixed in the package sssd - 1.15.2-1ubuntu1

---
sssd (1.15.2-1ubuntu1) zesty; urgency=medium

  * Merge from Debian.
- new bugfix release

sssd (1.15.2-1) unstable; urgency=medium

  * New upstream release.
  * control: Demote adcli to sssd-ad suggests.
  * rules, common.install: Fix sssd_krb5_locator_plugin install path.
(LP: #1664566)
  * control, copyright, watch: Update upstream URLs.
  * common.install: Add libsss_files and socket activation helper.

 -- Timo Aaltonen   Thu, 06 Apr 2017 12:45:49 +0300

** Changed in: sssd (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Timo Aaltonen]

You're right, running 'strings /usr/lib/../libkrb5.so.3|grep plugins'
shows that it's ../krb5/plugins/libkrb5. For some reason I changed it to
plugins/krb5 some years ago, without a bug reference.. oh well, changed
it back now, fixed in git.

** Changed in: sssd (Ubuntu)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

[Michael Smith]

apport information

** Description changed:

  Hi,
+ 
+ I'm on Ubuntu 16.04 LTS, sssd-common 1.13.4-1ubuntu1.1, libkrb5-3
+ 1.13.2+dfsg-5.
  
  I'm in an environment with several Active Directory sites, each with a
  domain controller. When remote sites' DCs are unreachable because of a
  VPN outage, password authentication is slow or fails. tcpdump shows the
  system is trying to talk to the other sites' domain controllers, and
  timing out.
  
  sssd-common installs the locator plugin at /usr/lib/x86_64-linux-
  gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so.
  
  But I can see in strace that Kerberos apps are looking for plugins in
  /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs
  krb5).
  
  open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5",
  O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or
  directory)
  
  As a result, Kerberos doesn't respect SSSD's Active Directory site
  selection.
  
  As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5
  to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection works
  as expected.
  
  Mailing list ref: https://lists.fedorahosted.org/archives/list/sssd-
  us...@lists.fedorahosted.org/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/

** Tags added: apport-collected uec-images xenial

** Description changed:

  Hi,
  
  I'm on Ubuntu 16.04 LTS, sssd-common 1.13.4-1ubuntu1.1, libkrb5-3
  1.13.2+dfsg-5.
  
  I'm in an environment with several Active Directory sites, each with a
  domain controller. When remote sites' DCs are unreachable because of a
  VPN outage, password authentication is slow or fails. tcpdump shows the
  system is trying to talk to the other sites' domain controllers, and
  timing out.
  
  sssd-common installs the locator plugin at /usr/lib/x86_64-linux-
  gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so.
  
  But I can see in strace that Kerberos apps are looking for plugins in
  /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs
  krb5).
  
  open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5",
  O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or
  directory)
  
  As a result, Kerberos doesn't respect SSSD's Active Directory site
  selection.
  
  As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5
  to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection works
  as expected.
  
- Mailing list ref: https://lists.fedorahosted.org/archives/list/sssd-
- us...@lists.fedorahosted.org/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/
+ Mailing list ref: 
https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/
+ --- 
+ ApportVersion: 2.20.1-0ubuntu2.4
+ Architecture: amd64
+ DistroRelease: Ubuntu 16.04
+ JournalErrors:
+  Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] 
failed with exit code 1: Hint: You are currently not seeing messages from other 
users and the system.
+Users in the 'systemd-journal' group can see all messages. Pass -q to
+turn off this notice.
+  No journal files were opened due to insufficient permissions.
+ Package: sssd 1.13.4-1ubuntu1.1
+ PackageArchitecture: amd64
+ ProcEnviron:
+  TERM=xterm-256color
+  PATH=(custom, no user)
+  XDG_RUNTIME_DIR=
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
+ ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
+ Tags:  xenial uec-images
+ Uname: Linux 4.4.0-47-generic x86_64
+ UpgradeStatus: No upgrade log present (probably fresh install)
+ UserGroups:
+  
+ _MarkForUpload: True

** Attachment added: "Dependencies.txt"
   
https://bugs.launchpad.net/bugs/1664566/+attachment/4818794/+files/Dependencies.txt

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs