-
Notifications
You must be signed in to change notification settings - Fork 235
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) #6600
Labels
Comments
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Mar 2, 2023
So far only discovered sub-domains were adding to the [domain_realm] section of one of the krb5 config snippets SSSD is generating. To fix recent issues which were caused my missing entries of the joined domain this domain is now added as well. Resolves: SSSD#6600
alexey-tikhonov
pushed a commit
that referenced
this issue
Apr 19, 2023
So far only discovered sub-domains were adding to the [domain_realm] section of one of the krb5 config snippets SSSD is generating. To fix recent issues which were caused my missing entries of the joined domain this domain is now added as well. Resolves: #6600 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit ebc1e46)
alexey-tikhonov
pushed a commit
that referenced
this issue
Apr 19, 2023
So far only discovered sub-domains were adding to the [domain_realm] section of one of the krb5 config snippets SSSD is generating. To fix recent issues which were caused my missing entries of the joined domain this domain is now added as well. Resolves: #6600 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit ebc1e46)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Greetings,
I've recently had two cases with the issue below after upgrading to sssd-2.6.2-4.el8_6.x86_64 and would like to know if that's a bug or a feature that we should create a KCS for:
[*] Description of problem:
Authentication is failing after updating sssd pkg.ver to sssd-2.6.2-4.el8_6.x86_64 if client with configured (child) domain cannot speak to forest root:
Child domain (configured): child.root.example.com
Root domain: (not configured): root.example.com
Domain controllers are marked as 'not working' if they cannot pass the sasl_bind to forest root, although domains are still marked as Active.
[*] Version-Release number of selected component (if applicable):
[*] How reproducible:
Always - after updating sssd and if the conditions apply
[*] Additional info:
Issue is solved after configuring:
Kind regards,
The text was updated successfully, but these errors were encountered: