Public bug reported:

Hi,

I'm in an environment with several Active Directory sites, each with a
domain controller. When remote sites' DCs are unreachable because of a
VPN outage, password authentication is slow or fails. tcpdump shows the
system is trying to talk to the other sites' domain controllers, and
timing out.

sssd-common installs the locator plugin at
/usr/lib/x86_64-linux-gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so.

But I can see in strace that Kerberos apps are looking for plugins in
/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs
krb5).

open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)

As a result, Kerberos doesn't respect SSSD's Active Directory site
selection.

As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5
to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection works
as expected.

Mailing list ref: https://lists.fedorahosted.org/archives/list/sssd-
[email protected]/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/

** Affects: sssd (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)
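
A diagnostic for the mismatch described in the report, as an added example that is not part of the original bug report or of sssd/krb5: it reads strace output, extracts the krb5 plugin directories that failed with ENOENT, and checks whether the SSSD locator plugin sits in a sibling directory instead. The function names are hypothetical and the demo tree and strace line are constructed.

```sh
# Added example; function names are hypothetical, sample data is constructed.
PLUGIN_NAME="sssd_krb5_locator_plugin.so"

# stdin: strace output. stdout: krb5 plugin directories that open()/openat()
# could not find (ENOENT), one per line.
failed_plugin_dirs() {
    awk -F'"' '/open(at)?\(/ && /= -1 ENOENT/ && $2 ~ /\/krb5\/plugins\// { print $2 }' | sort -u
}

# $1: a directory libkrb5 searched but could not open.
# Prints the sibling directory that actually holds the locator plugin, if any.
misplaced_plugin_for() {
    local wanted="$1" sibling
    for sibling in "$(dirname "$wanted")"/*/; do
        sibling="${sibling%/}"
        if [ "$sibling" != "$wanted" ] && [ -f "$sibling/$PLUGIN_NAME" ]; then
            printf '%s\n' "$sibling"
            return 0
        fi
    done
    return 1
}

# stdin: strace output. Prints one MISPLACED line per searched-but-missing
# directory whose sibling contains the plugin; prints nothing when consistent.
check_locator_plugin() {
    local dir found
    failed_plugin_dirs | while IFS= read -r dir; do
        if found="$(misplaced_plugin_for "$dir")"; then
            printf 'MISPLACED searched=%s installed=%s\n' "$dir" "$found"
        fi
    done
}

# Constructed demo: a throwaway tree laid out like the report (plugin under
# plugins/krb5, library searching plugins/libkrb5) and a matching strace line.
demo() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/krb5/plugins/krb5"
    : > "$root/krb5/plugins/krb5/$PLUGIN_NAME"
    printf 'open("%s/krb5/plugins/libkrb5", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)\n' "$root" \
        | check_locator_plugin | sed "s|$root|<root>|g"
    rm -rf "$root"
}

demo
```

On a real host, pipe the strace log of a Kerberos client into check_locator_plugin; empty output means no searched-but-missing plugin directory has the locator plugin next to it.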
