10:43 a.m.
sssd experts,
This sssd version (released Tue 23 Nov 2021) is under-discovering AD
domains.
A similar sssd bug occurred last July, where sssd over-discovered AD
domains (AD domains for which there was not a legal trust relationship with
this AD domain.) Now, it appears that sssd is under-discovering AD domains
(not discovering AD domains which have a valid trust relationship with this
AD domain).
Ultimately, an sssd developer on this sssd mailing list (Sumit Rose)
resolved the July bug of AD domain over-discovery. Hopefully, someone
will recognize this new AD domain under-discovery bug.
We have opened RedHat support case #03124778 for this new AD domain
under-discovery bug. But to be frank, such complicated sssd bugs don’t get
resolved by RHEL L1 customer support. (RHEL customer support is great, but
not for complicated sssd bugs.)
For now, we have pulled sssd-*-1.16.5-10.0.1.el7_9.11.x86_64 RPMs out of
our Jan OS patching cycle.
Spike
12:10 p.m.
New subject: sssd-1.16.5-10.0.1.el7_9.11.x86_64 is under-discovering AD domains
On Tue, Jan 18, 2022 at 5:52 PM Spike White <spikewhitetx(a)gmail.com> wrote:
sssd experts,
This sssd version (released Tue 23 Nov 2021) is under-discovering AD
domains.
A similar sssd bug occurred last July, where sssd over-discovered AD
domains (AD domains for which there was not a legal trust relationship with
this AD domain.) Now, it appears that sssd is under-discovering AD domains
(not discovering AD domains which have a valid trust relationship with this
AD domain).
Ultimately, an sssd developer on this sssd mailing list (Sumit Rose)
resolved the July bug of AD domain over-discovery. Hopefully, someone
will recognize this new AD domain under-discovery bug.
We have opened RedHat support case #03124778 for this new AD domain
under-discovery bug. But to be frank, such complicated sssd bugs don’t get
resolved by RHEL L1 customer support. (RHEL customer support is great, but
not for complicated sssd bugs.)
For now, we have pulled sssd-*-1.16.5-10.0.1.el7_9.11.x86_64 RPMs out of
our Jan OS patching cycle.
Please check the description of
https://bugzilla.redhat.com/show_bug.cgi?id=2032867
Does it match your issue?
Btw, ".0.1." in "1.16.5-10.0.1.el7_9.11" looks weird. Package version
should be 1.16.5-10.el7_9.10
Spike
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
12:39 p.m.
New subject: sssd-1.16.5-10.0.1.el7_9.11.x86_64 is under-discovering AD domains
Alexey,
Yes -- same bug.
Here's what's cute. It only occurs on specific child AD domains. for
instance, APAC (asia pacific) can see only EMEA (Europe-Middle
East-Africa). Cannot see AMER (Americas). Consistently, all servers in
that child domain cannot discover (with this new sssd version).
In other AD domains (like AMER), consistently all servers with this new
sssd version do discover all AD domains. So servers in AMER discover all
expected domains.
Spike
On Tue, Jan 18, 2022 at 12:11 PM Alexey Tikhonov <atikhono(a)redhat.com>
wrote:
On Tue, Jan 18, 2022 at 5:52 PM Spike White <spikewhitetx(a)gmail.com>
wrote:
> sssd experts,
>
> This sssd version (released Tue 23 Nov 2021) is under-discovering AD
> domains.
>
> A similar sssd bug occurred last July, where sssd over-discovered AD
> domains (AD domains for which there was not a legal trust relationship with
> this AD domain.) Now, it appears that sssd is under-discovering AD domains
> (not discovering AD domains which have a valid trust relationship with this
> AD domain).
>
> Ultimately, an sssd developer on this sssd mailing list (Sumit Rose)
> resolved the July bug of AD domain over-discovery. Hopefully, someone
> will recognize this new AD domain under-discovery bug.
>
> We have opened RedHat support case #03124778 for this new AD domain
> under-discovery bug. But to be frank, such complicated sssd bugs don’t get
> resolved by RHEL L1 customer support. (RHEL customer support is great, but
> not for complicated sssd bugs.)
>
> For now, we have pulled sssd-*-1.16.5-10.0.1.el7_9.11.x86_64 RPMs out of
> our Jan OS patching cycle.
>
Please check the description of
https://bugzilla.redhat.com/show_bug.cgi?id=2032867
Does it match your issue?
Btw, ".0.1." in "1.16.5-10.0.1.el7_9.11" looks weird. Package
version
should be 1.16.5-10.el7_9.10
> Spike
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
1:06 p.m.
New subject: sssd-1.16.5-10.0.1.el7_9.11.x86_64 is under-discovering AD domains
On Tue, Jan 18, 2022 at 8:00 PM Spike White <spikewhitetx(a)gmail.com> wrote:
Alexey,
Yes -- same bug.
Then please feel free to ask support to attach your case to this BZ.
The fix -
https://github.com/SSSD/sssd/commit/64192cf7c2823ae93820623b0ae285b697fabe12
- is planned to be shipped as a RHEL7.9 z-stream batch update.
Here's what's cute. It only occurs on specific child AD domains. for
instance, APAC (asia pacific) can see only EMEA (Europe-Middle
East-Africa). Cannot see AMER (Americas). Consistently, all servers in
that child domain cannot discover (with this new sssd version).
In other AD domains (like AMER), consistently all servers with this new
sssd version do discover all AD domains. So servers in AMER discover all
expected domains.
Spike
On Tue, Jan 18, 2022 at 12:11 PM Alexey Tikhonov <atikhono(a)redhat.com>
wrote:
>
>
> On Tue, Jan 18, 2022 at 5:52 PM Spike White <spikewhitetx(a)gmail.com>
> wrote:
>
>> sssd experts,
>>
>> This sssd version (released Tue 23 Nov 2021) is under-discovering AD
>> domains.
>>
>> A similar sssd bug occurred last July, where sssd over-discovered AD
>> domains (AD domains for which there was not a legal trust relationship with
>> this AD domain.) Now, it appears that sssd is under-discovering AD domains
>> (not discovering AD domains which have a valid trust relationship with this
>> AD domain).
>>
>> Ultimately, an sssd developer on this sssd mailing list (Sumit Rose)
>> resolved the July bug of AD domain over-discovery. Hopefully, someone
>> will recognize this new AD domain under-discovery bug.
>>
>> We have opened RedHat support case #03124778 for this new AD domain
>> under-discovery bug. But to be frank, such complicated sssd bugs don’t get
>> resolved by RHEL L1 customer support. (RHEL customer support is great, but
>> not for complicated sssd bugs.)
>>
>> For now, we have pulled sssd-*-1.16.5-10.0.1.el7_9.11.x86_64 RPMs out
>> of our Jan OS patching cycle.
>>
>
> Please check the description of
> https://bugzilla.redhat.com/show_bug.cgi?id=2032867
> Does it match your issue?
>
> Btw, ".0.1." in "1.16.5-10.0.1.el7_9.11" looks weird. Package
version
> should be 1.16.5-10.el7_9.10
>
>
>
>
>
>> Spike
>> _______________________________________________
>> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
>> Do not reply to spam on the list, report it:
>> https://pagure.io/fedora-infrastructure
>>
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
826
days inactive
826
days old
sssd-users@lists.fedorahosted.org
3 comments
2 participants
participants (2)
-
Alexey Tikhonov -
Spike White