apport information
** Description changed:
Hi,
+
+ I'm on Ubuntu 16.04 LTS, sssd-common 1.13.4-1ubuntu1.1, libkrb5-3
+ 1.13.2+dfsg-5.
I'm in an environment with several Active Directory sites, each with a
domain controller. When remote sites' DCs are unreachable because of a
VPN outage, password authentication is slow or fails. tcpdump shows the
system is trying to talk to the other sites' domain controllers, and
timing out.
sssd-common installs the locator plugin at /usr/lib/x86_64-linux-
gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so.
But I can see in strace that Kerberos apps are looking for plugins in
/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs
krb5).
open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or
directory)
As a result, Kerberos doesn't respect SSSD's Active Directory site
selection.
As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5
to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection works
as expected.
Mailing list ref: https://lists.fedorahosted.org/archives/list/sssd-
[email protected]/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/
** Tags added: apport-collected uec-images xenial
** Description changed:
Hi,
I'm on Ubuntu 16.04 LTS, sssd-common 1.13.4-1ubuntu1.1, libkrb5-3
1.13.2+dfsg-5.
I'm in an environment with several Active Directory sites, each with a
domain controller. When remote sites' DCs are unreachable because of a
VPN outage, password authentication is slow or fails. tcpdump shows the
system is trying to talk to the other sites' domain controllers, and
timing out.
sssd-common installs the locator plugin at /usr/lib/x86_64-linux-
gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so.
But I can see in strace that Kerberos apps are looking for plugins in
/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs
krb5).
open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or
directory)
As a result, Kerberos doesn't respect SSSD's Active Directory site
selection.
As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5
to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection works
as expected.
- Mailing list ref: https://lists.fedorahosted.org/archives/list/sssd-
- [email protected]/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/
+ Mailing list ref:
https://lists.fedorahosted.org/archives/list/[email protected]/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/
+ ---
+ ApportVersion: 2.20.1-0ubuntu2.4
+ Architecture: amd64
+ DistroRelease: Ubuntu 16.04
+ JournalErrors:
+ Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000']
failed with exit code 1: Hint: You are currently not seeing messages from other
users and the system.
+ Users in the 'systemd-journal' group can see all messages. Pass -q to
+ turn off this notice.
+ No journal files were opened due to insufficient permissions.
+ Package: sssd 1.13.4-1ubuntu1.1
+ PackageArchitecture: amd64
+ ProcEnviron:
+ TERM=xterm-256color
+ PATH=(custom, no user)
+ XDG_RUNTIME_DIR=<set>
+ LANG=en_US.UTF-8
+ SHELL=/bin/bash
+ ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
+ Tags: xenial uec-images
+ Uname: Linux 4.4.0-47-generic x86_64
+ UpgradeStatus: No upgrade log present (probably fresh install)
+ UserGroups:
+
+ _MarkForUpload: True
** Attachment added: "Dependencies.txt"
https://bugs.launchpad.net/bugs/1664566/+attachment/4818794/+files/Dependencies.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664566
Title:
sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
