Don’t know if this is related, but for our puppet runs of ‘net ads’, had to add two environment variables as puppet didn’t set them, but ‘net ads’ expects them:
# Puppet doesnt provide USER and LOGNAME and net ads needs it export USER="$(id -un)" export LOGNAME="${USER}"
From: Spike White spikewhitetx@gmail.com Sent: Monday, September 16, 2019 3:47 PM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users]Re: sssd_be core dumping when ‘realm permit’ command run under puppet control…
EXTERNAL MAIL: sssd-users-bounces@lists.fedorahosted.orgmailto:sssd-users-bounces@lists.fedorahosted.org All,
This was a case where 'realm permit' of a user was causing a back-end sssd process (sssd_be) to core dump. (sigsegv). I reported this to this group a few months ago. We're working this case with the Linux OS vendor. Turns out, if we explicitly add:
ldap_sasl_authid = host/<HOST>@<HOST's REALM>
to each [domain/XXX.COMPANY.COMhttp://XXX.COMPANY.COM] stanza in /etc/sssd/sssd.conf file, it no longer core dumps.
That is, we have these child AD domains defined in sssd.conf
[domain/AMER.COMPANY.COMhttp://AMER.COMPANY.COM]
[domain/EMEA.COMPANY.COMhttp://EMEA.COMPANY.COM]
[domain/APAC.COMPANY.COMhttp://APAC.COMPANY.COM]
However, our host is registered in only one child domain. Say AMER for a server amerhost1 in North America. So we'd set:
ldap_sasl_authid = host/amerhost1@AMER.COMPANY.COMmailto:amerhost1@AMER.COMPANY.COM in each domain stanza above.
Why does this prevent sssd_be from core dumping? Not a clue! But sssd performs flawlessly once this is added.
Spike
On Thu, Aug 8, 2019 at 9:09 AM Spike White <spikewhitetx@gmail.commailto:spikewhitetx@gmail.com> wrote: Here is the bugzilla link to the ticket:
https://bugzilla.redhat.com/show_bug.cgi?id=1738375
So it appears a BZ has been created.
Spike
On Tue, Jul 16, 2019 at 3:32 PM Jakub Hrozek <jhrozek@redhat.commailto:jhrozek@redhat.com> wrote: On Tue, Jul 16, 2019 at 12:32:29PM -0500, Spike White wrote:
The following case has been opened with RHEL support on this. It was opened this morning:
(SEV 4) Case #02427449 ('realm permit group@DOMAIN' causing background process sssd_be to segfault.)
Thank you, comment added. I hope a BZ would be created soon. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.orgmailto:sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.orgmailto:sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...