This was a case where 'realm permit' of a user was causing a back-end sssd
process (sssd_be) to core dump. (sigsegv). I reported this to this group
a few months ago. We're working this case with the Linux OS vendor. Turns
out, if we explicitly add:
ldap_sasl_authid = host/<HOST>@<HOST's REALM>
to each [domain/XXX.COMPANY.COM
] stanza in /etc/sssd/sssd.conf file, it no
longer core dumps.
That is, we have these child AD domains defined in sssd.conf
However, our host is registered in only one child domain. Say AMER for a
server amerhost1 in North America. So we'd set:
ldap_sasl_authid = host/amerhost1(a)AMER.COMPANY.COM in each domain stanza
Why does this prevent sssd_be from core dumping? Not a clue! But sssd
performs flawlessly once this is added.
On Thu, Aug 8, 2019 at 9:09 AM Spike White <spikewhitetx(a)gmail.com> wrote:
Here is the bugzilla link to the ticket:
So it appears a BZ has been created.
On Tue, Jul 16, 2019 at 3:32 PM Jakub Hrozek <jhrozek(a)redhat.com> wrote:
> On Tue, Jul 16, 2019 at 12:32:29PM -0500, Spike White wrote:
> > The following case has been opened with RHEL support on this. It was
> > opened this morning:
> > (SEV 4) Case #02427449 ('realm permit group@DOMAIN' causing background
> > process sssd_be to segfault.)
> Thank you, comment added. I hope a BZ would be created soon.
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: