Problem with keytab renewal, breaking authentication when sssd is joined to an AD domain
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
When using sssd to join to an AD domain without adcli installed there is a problem with keytab renewal, breaking authentication in some scenarios.
Workaround:
apt-get install adcli
Workaround found in:
http://
Related bugs:
https:/
https:/
Relevant /var/log/
-------
(Wed Jun 8 09:38:25 2016) [sssd[be[
(Wed Jun 8 09:38:25 2016) [sssd[be[
(Wed Jun 8 09:38:25 2016) [sssd[be[
-------
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: sssd 1.13.4-1ubuntu1
ProcVersionSign
Uname: Linux 4.4.0-22-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Jun 8 09:53:41 2016
InstallationDate: Installed on 2016-06-07 (0 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
JournalErrors:
Error: command ['journalctl', '-b', '--priority=
Users in the 'systemd-journal' group can see all messages. Pass -q to
turn off this notice.
No journal files were opened due to insufficient permissions.
ProcEnviron:
LANGUAGE=es_CO:es
PATH=(custom, no user)
XDG_RUNTIME_
LANG=es_CO.UTF-8
SHELL=/bin/bash
SourcePackage: sssd
UpgradeStatus: No upgrade log present (probably fresh install)
Thank you for taking the time to report this bug and helping to make Ubuntu better. I don't see this in Debian sssd packaging either. This should be sent up to Debian for consideration to add a Depends or Recommends on adcli.