Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2016-05-19 Thread Jakub Hrozek
a-users@redhat.com > > Subject: Re: [Freeipa-users] HBAC access denied, all AD groups not detected > > > > On Wed, May 18, 2016 at 08:35:14AM +1000, Lachlan Musicman wrote: > > > Hmmm, I also now see > > > > > > https://fedorahosted.org/sssd/tick

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2016-05-18 Thread Simpson Lachlan
> -Original Message- > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users- > boun...@redhat.com] On Behalf Of Jakub Hrozek > Sent: Wednesday, 18 May 2016 5:40 PM > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] HBAC access denied, all AD g

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2016-05-18 Thread Alexander Bokovoy
On Wed, 18 May 2016, Jakub Hrozek wrote: On Wed, May 18, 2016 at 08:35:14AM +1000, Lachlan Musicman wrote: Hmmm, I also now see https://fedorahosted.org/sssd/ticket/2642 and https://bugzilla.redhat.com/show_bug.cgi?id=1217127 Versions being run: sssd-client-1.13.0-40.el7_2.4.x86_64

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2016-05-18 Thread Jakub Hrozek
On Wed, May 18, 2016 at 08:35:14AM +1000, Lachlan Musicman wrote: > Hmmm, I also now see > > https://fedorahosted.org/sssd/ticket/2642 > and > https://bugzilla.redhat.com/show_bug.cgi?id=1217127 > > Versions being run: > > sssd-client-1.13.0-40.el7_2.4.x86_64 > sssd-ad-1.13.0-40.el7_2.4.x86_64

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2016-05-18 Thread Jakub Hrozek
On Wed, May 18, 2016 at 09:46:49AM +1000, Lachlan Musicman wrote: > It's worth noting that, in difference to the bug report: > > 1. We aren't making changes to the overrides. The overrides exist, they > just aren't propagating evenly or consistently. > 2. We are seeing these errors in the various

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2016-05-17 Thread Lachlan Musicman
It's worth noting that, in difference to the bug report: 1. We aren't making changes to the overrides. The overrides exist, they just aren't propagating evenly or consistently. 2. We are seeing these errors in the various logs: sssd_DOMAIN.log:(Wed May 18 09:00:01 2016) [sssd[be[DOMAIN]]]

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2016-05-17 Thread Lachlan Musicman
Hmmm, I also now see https://fedorahosted.org/sssd/ticket/2642 and https://bugzilla.redhat.com/show_bug.cgi?id=1217127 Versions being run: sssd-client-1.13.0-40.el7_2.4.x86_64 sssd-ad-1.13.0-40.el7_2.4.x86_64 sssd-proxy-1.13.0-40.el7_2.4.x86_64 sssd-1.13.0-40.el7_2.4.x86_64

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2016-05-17 Thread Jakub Hrozek
On Tue, May 17, 2016 at 03:08:37PM +1000, Lachlan Musicman wrote: > FWIW, > > We are seeing the issues that are described here: > > https://www.redhat.com/archives/freeipa-users/2015-December/msg00046.html > > I was about to write when I found this, it explains exactly what I am > seeing -

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2015-12-09 Thread Jakub Hrozek
On Tue, Dec 08, 2015 at 04:10:42PM -0600, Sauls, Jeff wrote: > > Jakub Hrozek wrote: > > > > On Mon, Dec 07, 2015 at 02:04:26PM -0600, Sauls, Jeff wrote: > > > > Jakub Hrozek wrote: > > > > > > > > On Fri, Dec 04, 2015 at 02:03:04PM -0600, Sauls, Jeff wrote: > > > > > Hello, > > > > > > > > > >

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2015-12-08 Thread Sauls, Jeff
> Jakub Hrozek wrote: > > On Mon, Dec 07, 2015 at 02:04:26PM -0600, Sauls, Jeff wrote: > > > Jakub Hrozek wrote: > > > > > > On Fri, Dec 04, 2015 at 02:03:04PM -0600, Sauls, Jeff wrote: > > > > Hello, > > > > > > > > We are having a problem with HBAC that appears to be related to > > > > group

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2015-12-07 Thread Jakub Hrozek
On Fri, Dec 04, 2015 at 02:03:04PM -0600, Sauls, Jeff wrote: > Hello, > > We are having a problem with HBAC that appears to be related to group > membership lookup. I am testing with a new install on RHEL 7.2 with a > cross-forest trust with AD. When an AD user attempts to log into a client >

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2015-12-07 Thread Sauls, Jeff
> Jakub Hrozek wrote: > > On Fri, Dec 04, 2015 at 02:03:04PM -0600, Sauls, Jeff wrote: > > Hello, > > > > We are having a problem with HBAC that appears to be related to group > > membership lookup. I am testing with a new install on RHEL 7.2 with a > > cross-forest trust with AD. When an AD

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2015-12-07 Thread Jakub Hrozek
On Mon, Dec 07, 2015 at 02:04:26PM -0600, Sauls, Jeff wrote: > > Jakub Hrozek wrote: > > > > On Fri, Dec 04, 2015 at 02:03:04PM -0600, Sauls, Jeff wrote: > > > Hello, > > > > > > We are having a problem with HBAC that appears to be related to group > > > membership lookup. I am testing with a