This bug was fixed in the package sssd - 1.13.4-1ubuntu1.1
---
sssd (1.13.4-1ubuntu1.1) xenial; urgency=medium
* Sync 1.13.4-3 changes from debian/yakkety.
sssd (1.13.4-3) unstable; urgency=medium
* common: Add /var/lib/sss/gpo_cache. (LP: #1579092)
*
Yet do not forget to insert in file sssd.conf directive
ad_gpo_access_control = permissive
in the [domain] section.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't
Is there a timeline on releasing this fix for 16.04?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
To manage notifications about this bug go
Is there anything left to test on this package? If so, I would be happy
to help.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
To manage
Sorry about that, I messed up reading the strace. It is setting
umask(111) just prior to the bind() call.
The problem was that the install had (due to a bug in the version of tar
used during installation) gotten a default acl set on every directory
causing the incorrect permission.
So Timo was
Can you paste the strace that shows the pipes setting the wrong umask?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
To manage notifications
I still say it's a bug in the sssd package.
If i remove the package (aptitude purge all-sssd-packages), do rm -rf
/var/lib/sss, remove every trace of sssd then reinstall the package,
they still return with 644 permission.
And doing an strace of sssd when it starts up also shows that umask is
The package only provides /var/lib/sss/pipes with correct permissions, a
running daemon creates the sockets under it and in your case the system
configuration messes up the permissions for some reason. That is out of
scope of this bug, and not a bug in the package but your system
configuration.
Timo, what do you mean with "not a bug on the package"?
It is setting incorrect permissions on /var/lib/sss/pipes/{nss,pam}
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user
still, not a bug on the package
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
To manage notifications about this bug go to:
We haven't set any ACLs ourselves at least.
root@b-an01:~# getfacl /var/lib/sss
getfacl: Removing leading '/' from absolute path names
# file: var/lib/sss
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
root@b-an01:~# getfacl
I can confirm that it fixed the problem.
thanks
On 01/08/16 17:13, Tom Seewald wrote:
> Ake have you been able to reproduce the issue on a fresh install with
> the proposed package?
>
--
Digital Services
Cambridge University Library
West Road; Cambridge; CB3 9DR
Tel: +44 -1223765388
--
You
ake, do you have ACLs in use? getfacl /var/lib/sss should show
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
To manage notifications about
Stopping the service, removing the sockets and starting the service
makes them come back with 644 as permission.
And purging the packages, cleaning out /var/lib/sss, installing sssd
again and starting, the permission for /var/lib/sss/pipes/{nss,pam} are
still 644, root owned.
--
You received
Ake have you been able to reproduce the issue on a fresh install with
the proposed package?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
To
It seems that sssd_nss and sssd_pam have a similar problem. The created
/var/lib/sss/pipes/nss and /var/lib/sss/pipes/pam are getting a 644 permission
causing for instance "id" to fail on lookups.
The just uploaded 1.13.4-1ubuntu1.1 is still showing this specific
problem here at least.
--
You
I can verify this has fixed the issue.
After spinning up a new VM with 16.04.1 server and installing the
proposed package SSSD 1.13.4-1ubuntu1.1, I can login with domain
accounts.
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification
Hello Wojciech, or anyone else affected,
Accepted sssd into xenial-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/sssd/1.13.4-1ubuntu1.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
uploaded to the queue
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
To manage notifications about this bug go to:
Are there plans to fix this in 16.04, or will this only be fixed in
future versions of Ubuntu?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
>From what Jakub posted, it appears that these are the patches that
resolve this bug with sssd 1.13:
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=df1a928455d0e5892ec129589f74e1704f66f201
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=0060bfb03ae7678617accf61b45a13d625697cee
--
** Changed in: sssd (Ubuntu Xenial)
Status: Incomplete => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
To manage
Why is this still marked as incomplete?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579092
Title:
sssd user can't login and ssh to server
To manage notifications about this bug go to:
This is upstream bug https://fedorahosted.org/sssd/ticket/2962 btw.
** Bug watch added: fedorahosted.org/sssd/ #2962
https://fedorahosted.org/sssd/ticket/2962
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hi Timo,
I can confirm that creating just /var/lib/sss/gpo_cache and changing
ownership to sssd resolves the issue.
Steps taken:
Spun up a new 16.04 server, updated all packages, installed relevant
packages for realmd/sssd to work, rebooted.
Joined domain using realmd, verified it was
This bug was fixed in the package sssd - 1.13.4-3
---
sssd (1.13.4-3) unstable; urgency=medium
* common: Add /var/lib/sss/gpo_cache. (LP: #1579092)
* gpo-add-unity-to-ad-gpo-map-interactive.diff: Allow logging in from
unity lockscreen. (LP: #1578415)
-- Timo Aaltonen
apparmor is not enforced, the failure here is most likely that gpo_cache
directory is not created by the package.
Please test by just creating that directory and check if sssd then is
able to create the domain subdir.
** Also affects: sssd (Ubuntu Xenial)
Importance: Undecided
Status:
27 matches
Mail list logo
