This was a case where 'realm permit' of a user was causing a back-end sssd process (sssd_be) to core dump (SIGSEGV). I reported this to this group a few months ago. We're working this case with the Linux OS vendor. Turns out, if we explicitly add:

ldap_sasl_authid = host/<HOST>@<HOST's REALM>

to each [domain/XXX.COMPANY.COM] stanza in the /etc/sssd/sssd.conf file, it no longer core dumps.

That is, we have these child AD domains defined in sssd.conf




However, our host is registered in only one child domain. Say AMER for a server amerhost1 in North America. So we'd set:

ldap_sasl_authid = host/amerhost1@AMER.COMPANY.COM  in each domain stanza above.

Why does this prevent sssd_be from core dumping?  Not a clue!  But sssd performs flawlessly once this is added.
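
One way to check that the workaround described above is in place on a host, as an added example that is not part of the original message: it parses sssd.conf text and reports every [domain/...] stanza where ldap_sasl_authid is absent or differs from the host's own principal. The sample config is constructed; EMEA and APAC are hypothetical child domains, and audit_sasl_authid is a name chosen for this illustration.

```python
import configparser

# Constructed sample sssd.conf: AMER is the example from the message above;
# EMEA and APAC are hypothetical child domains invented for this illustration.
SAMPLE_CONF = """\
[sssd]
domains = AMER.COMPANY.COM, EMEA.COMPANY.COM, APAC.COMPANY.COM
services = nss, pam

[domain/AMER.COMPANY.COM]
id_provider = ad
ldap_sasl_authid = host/amerhost1@AMER.COMPANY.COM

[domain/EMEA.COMPANY.COM]
id_provider = ad

[domain/APAC.COMPANY.COM]
id_provider = ad
ldap_sasl_authid = host/amerhost1@APAC.COMPANY.COM
"""


def audit_sasl_authid(conf_text, expected_authid):
    """Return {domain: 'ok' | 'missing' | 'mismatch'} for each [domain/...] stanza."""
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(conf_text)
    report = {}
    for section in parser.sections():
        if not section.lower().startswith("domain/"):
            continue  # skip [sssd], [nss], [pam] and other service sections
        domain = section.split("/", 1)[1]
        value = parser.get(section, "ldap_sasl_authid", fallback=None)
        if value is None:
            report[domain] = "missing"
        elif value.strip() != expected_authid:
            report[domain] = "mismatch"
        else:
            report[domain] = "ok"
    return report


if __name__ == "__main__":
    # The host is joined to AMER only, so every stanza should carry this principal.
    expected = "host/amerhost1@AMER.COMPANY.COM"
    for domain, status in audit_sasl_authid(SAMPLE_CONF, expected).items():
        print(f"{domain}: {status}")
```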


On Thu, Aug 8, 2019 at 9:09 AM Spike White wrote:
Here is the bugzilla link to the ticket: 

   So it appears a BZ has been created.


On Tue, Jul 16, 2019 at 3:32 PM Jakub Hrozek wrote:
On Tue, Jul 16, 2019 at 12:32:29PM -0500, Spike White wrote:
> The following case has been opened with RHEL support on this.  It was
> opened this morning:
> (SEV 4) Case #02427449 ('realm permit group@DOMAIN' causing background
> process sssd_be to segfault.)

Thank you, comment added. I hope a BZ would be created soon.