Re: [Freeipa-users] sssd in Ubuntu
On Sun, Dec 11, 2011 at 11:49:46PM +0100, Sigbjorn Lie wrote: On the other hand, even though looking up users, groups and netgroups seem fine, I cannot log in. Neither at the console, su, or ssh. Was there an issue with HBAC rules in SSSD 1.5.13 ? Dec 11 21:13:32 mint12 su[6769]: pam_sss(su:account): Access denied for user test: 6 (Permission denied) Rgds, Siggi Yes, there was a number of HBAC-related fixes since 1.5.13. The following commits touched files in src/providers/ipa/ipa_hbac*.[ch]: * Add a missing break (9077c3ebec92454d8ed949491c4ca89ed6cdf75a) * Do not access memory out of bounds (a2a954c4186aaa9e9dd027aebb986062fc5670e7) * HBAC: fix typos preventing proper hostgroup evaluation (28a9f96c3f9e6aa30fb1c33fe2ee2b1d7ef6) * HBAC: Do not save member/memberOf links (d14a28835223c0578b0a28a8c74d11777c50bcb9) * HBAC: Use originalMember for identifying servicegroups (d74b59b13208fa9508baaf5a1a5172fecad321ae) * HBAC: Use originalMember for identifying hostgroups (7c77e790204f82bce88dd6ecd237c941a9389349) Obviously, the Ubuntu package might have backported some of these into their 1.5.13 distribution package. The list was taken from upstream 1.5 branch. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] sssd in Ubuntu
Hi, Anyone attempting to use the sssd currently available in the Ubuntu package tree (1.5.13), need to also remember to install the packages: libsasl2-modules-gssapi-mit and libsasl2-modules-ldap for SSSD to work with IPA as a provider. These packages are not set up as dependencies for the sssd package. Bug filed with Ubuntu: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/902902 Regards, Siggi ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] sssd in Ubuntu
On the other hand, even though looking up users, groups and netgroups seem fine, I cannot log in. Neither at the console, su, or ssh. Was there an issue with HBAC rules in SSSD 1.5.13 ? Dec 11 21:13:32 mint12 su[6769]: pam_sss(su:account): Access denied for user test: 6 (Permission denied) Rgds, Siggi On 12/11/2011 09:20 PM, Sigbjorn Lie wrote: Hi, Anyone attempting to use the sssd currently available in the Ubuntu package tree (1.5.13), need to also remember to install the packages: libsasl2-modules-gssapi-mit and libsasl2-modules-ldap for SSSD to work with IPA as a provider. These packages are not set up as dependencies for the sssd package. Bug filed with Ubuntu: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/902902 Regards, Siggi ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users