Don’t know if this is related, but for our puppet runs of ‘net ads’, had to add two environment variables as puppet didn’t set them, but ‘net ads’ expects them:
# Puppet doesnt provide USER and LOGNAME and net ads needs it
export USER="$(id -un)"
From: Spike White <firstname.lastname@example.org>
Sent: Monday, September 16, 2019 3:47 PM
To: End-user discussions about the System Security Services Daemon <email@example.com>
Subject: [SSSD-users]Re: sssd_be core dumping when ‘realm permit’ command run under puppet control…
EXTERNAL MAIL: firstname.lastname@example.org
This was a case where 'realm permit' of a user was causing a back-end sssd process (sssd_be) to core dump. (sigsegv). I reported this to this group a few months ago. We're working this case with the Linux OS vendor. Turns out, if we explicitly add:
ldap_sasl_authid = host/<HOST>@<HOST's REALM>
to each [domain/XXX.COMPANY.COM] stanza in /etc/sssd/sssd.conf file, it no longer core dumps.
That is, we have these child AD domains defined in sssd.conf
However, our host is registered in only one child domain. Say AMER for a server amerhost1 in North America. So we'd set:
ldap_sasl_authid = host/amerhost1@AMER.COMPANY.COM in each domain stanza above.
Why does this prevent sssd_be from core dumping? Not a clue! But sssd performs flawlessly once this is added.
On Thu, Aug 8, 2019 at 9:09 AM Spike White <email@example.com> wrote:
Here is the bugzilla link to the ticket:
So it appears a BZ has been created.
On Tue, Jul 16, 2019 at 3:32 PM Jakub Hrozek <firstname.lastname@example.org> wrote:
On Tue, Jul 16, 2019 at 12:32:29PM -0500, Spike White wrote:
> The following case has been opened with RHEL support on this. It was
> opened this morning:
> (SEV 4) Case #02427449 ('realm permit group@DOMAIN' causing background
> process sssd_be to segfault.)
Thank you, comment added. I hope a BZ would be created soon.
sssd-users mailing list -- email@example.com
To unsubscribe send an email to firstname.lastname@example.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://email@example.com