https://bugzilla.redhat.com/show_bug.cgi?id=2035625
Bug ID: 2035625
Summary: sssd AD auth broken with sssd_be segfault
Product: Fedora
Version: 35
Hardware: x86_64
OS: Linux
Status: NEW
Component: sssd
Severity: high
Assignee: sssd-maintainers@lists.fedoraproject.org
Reporter: dowdle@montanalinux.org
QA Contact: extras-qa@fedoraproject.org
CC: abokovoy@redhat.com, atikhono@redhat.com, jhrozek@redhat.com, lslebodn@redhat.com, luk.claes@gmail.com, mzidek@redhat.com, pbrezina@redhat.com, sbose@redhat.com, ssorce@redhat.com, sssd-maintainers@lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
All of my F35 hosts no longer have working Active Directory authentication via sssd... and I'm receiving the following segfault error every few seconds:
sssd_be[pid]: segfault at 0 ip 00007f9cfecb00da sp 00007ffd389203e8 error 4 in libc.so.6
In the journal log entries for sssd I see:
sssd_be[2341]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (KDC has no support for encryption type)
Alexander Bokovoy abokovoy@redhat.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Doc Type|---     |If docs needed, set a value
Flags   |        |needinfo?(dowdle@montanalinux.org)

--- Comment #1 from Alexander Bokovoy abokovoy@redhat.com ---
Please see recommendations at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm...
Fedora 35 does not enable the RC4 cipher in Kerberos; this means SSSD would attempt to use AES ciphers by default. If your AD users do not have AES keys, then there would be no common encryption type.
It would, however, be good to see the full crash dump and stack trace. Maybe there is something else at play too.
Could you please enable 'debug_level=9' in the domain section?
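The encryption-type mismatch described in Comment #1, as an added example that is not part of the bug thread or of SSSD: it decodes the AD attribute msDS-SupportedEncryptionTypes (not mentioned in the thread) and lists accounts that share no encryption type with an AES-only client. The account names and values are constructed, and treating an unset attribute as RC4-only is an assumption.

```python
# Added illustration; not SSSD, MIT Kerberos or Active Directory code.
# Bit values of the AD attribute msDS-SupportedEncryptionTypes (MS-KILE).
AD_ENCTYPE_BITS = {
    0x01: "des-cbc-crc",
    0x02: "des-cbc-md5",
    0x04: "arcfour-hmac",              # RC4
    0x08: "aes128-cts-hmac-sha1-96",
    0x10: "aes256-cts-hmac-sha1-96",
}

# Assumption: the client permits only AES, as Comment #1 describes for Fedora 35.
CLIENT_PERMITTED = ("aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96")

# Assumption: an unset (0) attribute is treated as RC4-only (legacy KDC default).
LEGACY_DEFAULT = 0x04


def decode_enctypes(mask):
    """Translate the attribute bitmask into Kerberos enctype names."""
    if mask == 0:
        mask = LEGACY_DEFAULT
    return [name for bit, name in sorted(AD_ENCTYPE_BITS.items()) if mask & bit]


def common_enctypes(mask, permitted=CLIENT_PERMITTED):
    """Enctypes both sides accept, in the client's order of preference."""
    offered = set(decode_enctypes(mask))
    return [e for e in permitted if e in offered]


def audit(accounts, permitted=CLIENT_PERMITTED):
    """Return the account names with no enctype in common with the client."""
    return sorted(name for name, mask in accounts.items()
                  if not common_enctypes(mask, permitted))


# Constructed sample data: account name -> msDS-SupportedEncryptionTypes value.
SAMPLE_ACCOUNTS = {
    "alice": 0x18,        # AES128 + AES256
    "bob": 0x04,          # RC4 only
    "carol": 0x00,        # attribute unset
    "dave": 0x1C,         # RC4 + AES128 + AES256
    "svc-legacy": 0x07,   # DES + RC4
}

if __name__ == "__main__":
    for name, mask in SAMPLE_ACCOUNTS.items():
        shared = common_enctypes(mask)
        print(f"{name:12} 0x{mask:02x} -> {', '.join(shared) or 'NO COMMON ENCTYPE'}")
    print("no common enctype:", audit(SAMPLE_ACCOUNTS))
```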
Scott Dowdle dowdle@montanalinux.org changed:
What       |Removed                            |Added
----------------------------------------------------------------------------
Status     |NEW                                |CLOSED
Resolution |---                                |NOTABUG
Flags      |needinfo?(dowdle@montanalinux.org) |
Last Closed|                                   |2021-12-26 06:31:26

--- Comment #2 from Scott Dowdle dowdle@montanalinux.org ---
I used the recommendation from the RHEL8 article that you pointed me to... and that works. I just didn't expect this behavior having run into the problem as a result of upgrading from F34 (where it was working) to F35. Sounds like something to have a wiki page about.
Marking as closed.
Alexey Tikhonov atikhono@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|        |needinfo?(dowdle@montanalinux.org)

--- Comment #3 from Alexey Tikhonov atikhono@redhat.com ---
Hi,
Could you please still provide a coredump and, ideally, sssd_$domain.log with debug_level=9 that corresponds to this crash?
IIRC, sssd_be doesn't operate kerberos credentials so dump shouldn't have it either, but if this worries you please feel free to email me or sssd-maintainers@lists.fedoraproject.org directly.
Scott Dowdle dowdle@montanalinux.org changed:
What |Removed                            |Added
----------------------------------------------------------------------------
Flags|needinfo?(dowdle@montanalinux.org) |

--- Comment #4 from Scott Dowdle dowdle@montanalinux.org ---
Sorry, I don't have any more broken systems to do that stuff.
Alexey Tikhonov atikhono@redhat.com changed:
What      |Removed |Added
----------------------------------------------------------------------------
Resolution|NOTABUG |INSUFFICIENT_DATA

--- Comment #5 from Alexey Tikhonov atikhono@redhat.com ---
Please reopen in case new information becomes available.
Oleg Bulavsky oleg@bulavsky.pp.ru changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |oleg@bulavsky.pp.ru

--- Comment #6 from Oleg Bulavsky oleg@bulavsky.pp.ru ---
Same problem on Oracle Linux 9 & Red Hat Enterprise Linux 9. Have coredump file & sssd_[DOMAIN].log. Problem repeats every 4 hours (1440s).