SSSd consistently goes offline upon the AD provider's recovery
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
This behavior is observed on a setup where, under normal circumstances everything runs very well, i.e. when both the sssd client and the AD provider are connected.
During an enforced absence (for redundancy testing) of the AD provider, sssd client authenticates users very well with cached user credentials (as expected by the configuration).
However, on return of the AD provider, sssd client behaves erratically. Sometimes, user authentications are refused outright and other times it takes a long time to authenticate.
Debug logs at level 7 shows, on periodic basis (around 70+ seconds) sssd client attempts to go online with AD provider, but fails consistently dropping back to offline (logs attached).
Notably, the service can only be restored by restarting sssd service at the client.
It was suggested at sssd project (https:/
This looks like an issue for sssd under Ubuntu 16.04.01 LTS.
Client (sssd) is on an Ubuntu 16.04.1 server with Samba 4.3.11 and SSSd 1.13.4.
Description: Ubuntu 16.04.1 LTS
Release: 16.04
krb5-user:
Installed: 1.13.2+dfsg-5
Candidate: 1.13.2+dfsg-5
ntp:
Installed: 1:4.2.8p4+
Candidate: 1:4.2.8p4+
samba:
Installed: 2:4.3.11+
Candidate: 2:4.3.11+
sssd:
Installed: 1.13.4-1ubuntu1.1
Candidate: 1.13.4-1ubuntu1.1
Changed in sssd (Ubuntu): | |
status: | Confirmed → Incomplete |
Thank you for taking the time to report this bug and helping to make Ubuntu better.
It sounds like upstream are unable to reproduce, so this may be a problem with Ubuntu 16.04 shipping with an older version of sssd, or some interaction with samba perhaps?
To make progress, we'll need to figure out exactly how Ubuntu is different from upstream. Unfortunately this bug is pretty specific; I don't think any Ubuntu developer is likely to look at this without more development input from someone affected.
If you are able to identify what exactly differs between Ubuntu and upstream (for example by building and test upstream versions directly, bisecting, and so forth), please do. Another thing might be to test sssd 1.14.2-1 in the current Ubuntu development release, but this is non-trivial right now as 1.14.2-1 is still in zesty-proposed.