All, This was a case where 'realm permit' of a user was causing a back-end sssd process (sssd_be) to core dump. (sigsegv). I reported this to this group a few months ago. We're working this case with the Linux OS vendor. Turns out, if we explicitly add:
ldap_sasl_authid = host/<HOST>@<HOST's REALM> to each [domain/XXX.COMPANY.COM] stanza in /etc/sssd/sssd.conf file, it no longer core dumps. That is, we have these child AD domains defined in sssd.conf [domain/AMER.COMPANY.COM] [domain/EMEA.COMPANY.COM] [domain/APAC.COMPANY.COM] However, our host is registered in only one child domain. Say AMER for a server amerhost1 in North America. So we'd set: ldap_sasl_authid = host/[email protected] in each domain stanza above. Why does this prevent sssd_be from core dumping? Not a clue! But sssd performs flawlessly once this is added. Spike On Thu, Aug 8, 2019 at 9:09 AM Spike White <[email protected]> wrote: > Here is the bugzilla link to the ticket: > > https://bugzilla.redhat.com/show_bug.cgi?id=1738375 > > So it appears a BZ has been created. > > Spike > > On Tue, Jul 16, 2019 at 3:32 PM Jakub Hrozek <[email protected]> wrote: > >> On Tue, Jul 16, 2019 at 12:32:29PM -0500, Spike White wrote: >> > The following case has been opened with RHEL support on this. It was >> > opened this morning: >> > >> > (SEV 4) Case #02427449 ('realm permit group@DOMAIN' causing background >> > process sssd_be to segfault.) >> >> Thank you, comment added. I hope a BZ would be created soon. >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
