apport information ** Description changed:
Hi, + + I'm on Ubuntu 16.04 LTS, sssd-common 1.13.4-1ubuntu1.1, libkrb5-3 + 1.13.2+dfsg-5. I'm in an environment with several Active Directory sites, each with a domain controller. When remote sites' DCs are unreachable because of a VPN outage, password authentication is slow or fails. tcpdump shows the system is trying to talk to the other sites' domain controllers, and timing out. sssd-common installs the locator plugin at /usr/lib/x86_64-linux- gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so. But I can see in strace that Kerberos apps are looking for plugins in /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs krb5). open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory) As a result, Kerberos doesn't respect SSSD's Active Directory site selection. As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5 to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection works as expected. Mailing list ref: https://lists.fedorahosted.org/archives/list/sssd- us...@lists.fedorahosted.org/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/ ** Tags added: apport-collected uec-images xenial ** Description changed: Hi, I'm on Ubuntu 16.04 LTS, sssd-common 1.13.4-1ubuntu1.1, libkrb5-3 1.13.2+dfsg-5. I'm in an environment with several Active Directory sites, each with a domain controller. When remote sites' DCs are unreachable because of a VPN outage, password authentication is slow or fails. tcpdump shows the system is trying to talk to the other sites' domain controllers, and timing out. sssd-common installs the locator plugin at /usr/lib/x86_64-linux- gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so. But I can see in strace that Kerberos apps are looking for plugins in /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs krb5). open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory) As a result, Kerberos doesn't respect SSSD's Active Directory site selection. As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5 to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection works as expected. - Mailing list ref: https://lists.fedorahosted.org/archives/list/sssd- - us...@lists.fedorahosted.org/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/ + Mailing list ref: https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/ + --- + ApportVersion: 2.20.1-0ubuntu2.4 + Architecture: amd64 + DistroRelease: Ubuntu 16.04 + JournalErrors: + Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] failed with exit code 1: Hint: You are currently not seeing messages from other users and the system. + Users in the 'systemd-journal' group can see all messages. Pass -q to + turn off this notice. + No journal files were opened due to insufficient permissions. + Package: sssd 1.13.4-1ubuntu1.1 + PackageArchitecture: amd64 + ProcEnviron: + TERM=xterm-256color + PATH=(custom, no user) + XDG_RUNTIME_DIR=<set> + LANG=en_US.UTF-8 + SHELL=/bin/bash + ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24 + Tags: xenial uec-images + Uname: Linux 4.4.0-47-generic x86_64 + UpgradeStatus: No upgrade log present (probably fresh install) + UserGroups: + + _MarkForUpload: True ** Attachment added: "Dependencies.txt" https://bugs.launchpad.net/bugs/1664566/+attachment/4818794/+files/Dependencies.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1664566 Title: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs