sssd

Bug #1934997
Comment #23

Comment 23 for bug 1934997

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2022-07-06:

#23

Focal verification

Reproducing the bug:
root@sssdclient:~# apt-cache policy sssd
sssd:
  Installed: 2.2.3-3ubuntu0.8
  Candidate: 2.2.3-3ubuntu0.8
  Version table:
*** 2.2.3-3ubuntu0.8 500
        500 http://br.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://br.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status

Login fails:
root@sssdclient:~# getent passwd <email address hidden>
<email address hidden>:*:906401103:906400513:testuser:/<email address hidden>:/bin/bash

root@sssdclient:~# login <email address hidden>
Password:

System error

Logs show it tried to fetch a gpo file and failed:
root@sssdclient:~# cat /var/log/sssd/gpo_child.log
(Wed Jul 6 14:07:59 2022) [gpo_child[2738]] [copy_smb_file_to_gpo_cache] (0x0020): smbc_getFunctionOpen failed [2][No such file or directory]
(Wed Jul 6 14:07:59 2022) [gpo_child[2738]] [perform_smb_operations] (0x0020): copy_smb_file_to_gpo_cache failed [2][No such file or directory]
(Wed Jul 6 14:07:59 2022) [gpo_child[2738]] [main] (0x0020): perform_smb_operations failed.[2][No such file or directory].
(Wed Jul 6 14:07:59 2022) [gpo_child[2738]] [main] (0x0020): gpo_child failed!

Adding the "ad_gpo_access_control = permissive" workaround to /etc/sssd/sssd.conf and restarting makes it work:

root@sssdclient:~# login <email address hidden>
Password:
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-1070-kvm x86_64)
(...)
Creating directory '/<email address hidden>'.
<email address hidden>@sssdclient:~$ id
uid=906401103(<email address hidden>) gid=906400513(domain <email address hidden>) groups=906400513(domain <email address hidden>)

Removing the workaround from /etc/sssd/sssd.conf, restarting sssd, purging the cache, confirming the failure one more time:
root@sssdclient:~# vi /etc/sssd/sssd.conf
root@sssdclient:~# systemctl restart sssd
root@sssdclient:~# sssctl cache-remove -o -p -s
Creating backup of local data...
Removing cache files...
root@sssdclient:~# login <email address hidden>
Password:

System error

And now updating sssd to the version in proposed:
root@sssdclient:~# apt-cache policy sssd
sssd:
  Installed: 2.2.3-3ubuntu0.9
  Candidate: 2.2.3-3ubuntu0.9
  Version table:
*** 2.2.3-3ubuntu0.9 500
        500 http://br.archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status

root@sssdclient:~# grep permissive /etc/sssd/sssd.conf

root@sssdclient:~# login <email address hidden>
Password:
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-1070-kvm x86_64)
(...)
Last login: Wed Jul 6 14:10:29 UTC 2022 on pts/0
<email address hidden>@sssdclient:~$ id
uid=906401103(<email address hidden>) gid=906400513(domain <email address hidden>) groups=906400513(domain <email address hidden>)

And the gpo_child.log (after bumping debug to 2 again) are silent this time.

Focal verification succeeded.

Focal verification

Reproducing the bug:
root@sssdclient:~# apt-cache policy sssd
sssd:
  Installed: 2.2.3-3ubuntu0.8
  Candidate: 2.2.3-3ubuntu0.8
  Version table:
 *** 2.2.3-3ubuntu0.8 500
        500 http://br.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://br.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status

Login fails:
root@sssdclient:~# getent passwd testuser@TEST.LAN
testuser@test.lan:*:906401103:906400513:testuser:/home/testuser@test.lan:/bin/bash

root@sssdclient:~# login testuser@TEST.LAN
Password:

System error

Logs show it tried to fetch a gpo file and failed:
root@sssdclient:~# cat /var/log/sssd/gpo_child.log 
(Wed Jul  6 14:07:59 2022) [gpo_child[2738]] [copy_smb_file_to_gpo_cache] (0x0020): smbc_getFunctionOpen failed [2][No such file or directory]
(Wed Jul  6 14:07:59 2022) [gpo_child[2738]] [perform_smb_operations] (0x0020): copy_smb_file_to_gpo_cache failed [2][No such file or directory]
(Wed Jul  6 14:07:59 2022) [gpo_child[2738]] [main] (0x0020): perform_smb_operations failed.[2][No such file or directory].
(Wed Jul  6 14:07:59 2022) [gpo_child[2738]] [main] (0x0020): gpo_child failed!

Adding the "ad_gpo_access_control = permissive" workaround to /etc/sssd/sssd.conf and restarting makes it work:

root@sssdclient:~# login testuser@TEST.LAN
Password: 
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-1070-kvm x86_64)
(...)
Creating directory '/home/testuser@test.lan'.
testuser@test.lan@sssdclient:~$ id
uid=906401103(testuser@test.lan) gid=906400513(domain users@test.lan) groups=906400513(domain users@test.lan)

Removing the workaround from /etc/sssd/sssd.conf, restarting sssd, purging the cache, confirming the failure one more time:
root@sssdclient:~# vi /etc/sssd/sssd.conf 
root@sssdclient:~# systemctl restart sssd
root@sssdclient:~# sssctl cache-remove -o -p -s
Creating backup of local data...
Removing cache files...
root@sssdclient:~# login testuser@TEST.LAN
Password:

System error

And now updating sssd to the version in proposed:
root@sssdclient:~# apt-cache policy sssd
sssd:
  Installed: 2.2.3-3ubuntu0.9
  Candidate: 2.2.3-3ubuntu0.9
  Version table:
 *** 2.2.3-3ubuntu0.9 500
        500 http://br.archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status

root@sssdclient:~# grep permissive /etc/sssd/sssd.conf

root@sssdclient:~# login testuser@TEST.LAN
Password: 
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-1070-kvm x86_64)
(...)
Last login: Wed Jul  6 14:10:29 UTC 2022 on pts/0
testuser@test.lan@sssdclient:~$ id
uid=906401103(testuser@test.lan) gid=906400513(domain users@test.lan) groups=906400513(domain users@test.lan)

And the gpo_child.log (after bumping debug to 2 again) are silent this time.

Focal verification succeeded.