URL: https://github.com/SSSD/sssd/pull/248 Author: justin-stephenson Title: #248: IPA: Improve s2n debug message for missing ipaNTSecurityIdentifier Action: opened
PR body: """ This patch is piggyback This patch improves the log message to be more information for the SSSD user troubleshooting issues. If the IDM POSIX group used for AD trust HBAC/SUDO operation is missing the ipaNTSecurityIdentifier it can cause client s2n operations failures resolving the group which resulted in the inability to login for the AD user. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/248/head:pr248 git checkout pr248
From 7fea36a4aa3fb0c1edea54ecd37bcfa99af72a5b Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Tue, 25 Apr 2017 13:02:10 -0400 Subject: [PATCH] IPA: Improve s2n debug message for missing ipaNTSecurityIdentifier This patch improves the log message to be more information for the SSSD user troubleshooting issues. If the IDM POSIX group used for AD trust HBAC/SUDO operation is missing the ipaNTSecurityIdentifier it can cause client s2n operations failures resolving the group which resulted in the inability to login for the AD user. --- src/providers/ipa/ipa_s2n_exop.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 55ec904..0608e81 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -2580,7 +2580,9 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, ret = sysdb_attrs_get_string(attrs->sysdb_attrs, SYSDB_SID_STR, &sid_str); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "Cannot find SID of object with override.\n"); + "Object [%s] has no SID, please check the " + "ipaNTSecurityIdentifier attribute on the server-side.\n", + attrs->a.name); goto done; }
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org