So I think the original problem was fixed in sssd_1.15.0-3ubuntu1, and I've fixed the component mismatch by dropping adcli down to a Suggests in sssd_1.15.0-3ubuntu2.
** Description changed: When using sssd to join to an AD domain without adcli installed there is a problem with keytab renewal, breaking authentication in some scenarios. - Fix: + Workaround: apt-get install adcli Fix found in: http://thread.gmane.org/gmane.linux.redhat.sssd.user/4065 Related bugs: https://fedorahosted.org/sssd/ticket/3017 https://fedorahosted.org/sssd/ticket/3016 Relevant /var/log/sssd/sssd_AD.ACTIVARSAS.CO.log ------------------------------------------------ (Wed Jun 8 09:38:25 2016) [sssd[be[AD.ACTIVARSAS.CO]]] [ad_machine_account_password_renewal_timeout] (0x0020): Timeout reached for AD renewal child. (Wed Jun 8 09:38:25 2016) [sssd[be[AD.ACTIVARSAS.CO]]] [be_ptask_done] (0x0040): Task [AD machine account password renewal]: failed with [1432158266]: AD renewal child failed (Wed Jun 8 09:38:25 2016) [sssd[be[AD.ACTIVARSAS.CO]]] [child_sig_handler] (0x0020): child [2533] was terminated by signal [9]. ------------------------------------------------ ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: sssd 1.13.4-1ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8 Uname: Linux 4.4.0-22-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: Unity Date: Wed Jun 8 09:53:41 2016 InstallationDate: Installed on 2016-06-07 (0 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) JournalErrors: - Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] failed with exit code 1: Hint: You are currently not seeing messages from other users and the system. - Users in the 'systemd-journal' group can see all messages. Pass -q to - turn off this notice. - No journal files were opened due to insufficient permissions. + Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] failed with exit code 1: Hint: You are currently not seeing messages from other users and the system. + Users in the 'systemd-journal' group can see all messages. 
Pass -q to + turn off this notice. + No journal files were opened due to insufficient permissions. ProcEnviron: - LANGUAGE=es_CO:es - PATH=(custom, no user) - XDG_RUNTIME_DIR=<set> - LANG=es_CO.UTF-8 - SHELL=/bin/bash + LANGUAGE=es_CO:es + PATH=(custom, no user) + XDG_RUNTIME_DIR=<set> + LANG=es_CO.UTF-8 + SHELL=/bin/bash SourcePackage: sssd UpgradeStatus: No upgrade log present (probably fresh install) ** Description changed: When using sssd to join to an AD domain without adcli installed there is a problem with keytab renewal, breaking authentication in some scenarios. Workaround: apt-get install adcli - Fix found in: + Workaround found in: http://thread.gmane.org/gmane.linux.redhat.sssd.user/4065 Related bugs: https://fedorahosted.org/sssd/ticket/3017 https://fedorahosted.org/sssd/ticket/3016 Relevant /var/log/sssd/sssd_AD.ACTIVARSAS.CO.log ------------------------------------------------ (Wed Jun 8 09:38:25 2016) [sssd[be[AD.ACTIVARSAS.CO]]] [ad_machine_account_password_renewal_timeout] (0x0020): Timeout reached for AD renewal child. (Wed Jun 8 09:38:25 2016) [sssd[be[AD.ACTIVARSAS.CO]]] [be_ptask_done] (0x0040): Task [AD machine account password renewal]: failed with [1432158266]: AD renewal child failed (Wed Jun 8 09:38:25 2016) [sssd[be[AD.ACTIVARSAS.CO]]] [child_sig_handler] (0x0020): child [2533] was terminated by signal [9]. 
------------------------------------------------ ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: sssd 1.13.4-1ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8 Uname: Linux 4.4.0-22-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: Unity Date: Wed Jun 8 09:53:41 2016 InstallationDate: Installed on 2016-06-07 (0 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) JournalErrors: Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] failed with exit code 1: Hint: You are currently not seeing messages from other users and the system. Users in the 'systemd-journal' group can see all messages. Pass -q to turn off this notice. No journal files were opened due to insufficient permissions. ProcEnviron: LANGUAGE=es_CO:es PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=es_CO.UTF-8 SHELL=/bin/bash SourcePackage: sssd UpgradeStatus: No upgrade log present (probably fresh install)
https://bugs.launchpad.net/bugs/1590471 Title: Problem with keytab renewal, breaking authentication when sssd is joined to an AD domain
