[Bug 1722936] Re: sssd hbac rule applicaton for AD users is inconsistent

Andreas Hasenack andreas at canonical.com
Thu Feb 7 19:58:24 UTC 2019 

** Description changed:

+ [Impact]
+ 
+  * An explanation of the effects of the bug on users and
+ 
+  * justification for backporting the fix to the stable release.
+ 
+  * In addition, it is helpful, but not required, to include an
+    explanation of how the upload fixes this bug.
+ 
+ [Test Case]
+ 
+  * detailed instructions how to reproduce the bug
+ 
+  * these should allow someone who is not familiar with the affected
+    package to reproduce the bug and verify that the updated package fixes
+    the problem.
+ 
+ [Regression Potential]
+ 
+  * discussion of how regressions are most likely to manifest as a result
+ of this change.
+ 
+  * It is assumed that any SRU candidate patch is well-tested before
+    upload and has a low overall risk of regression, but it's important
+    to make the effort to think about what ''could'' happen in the
+    event of a regression.
+ 
+  * This both shows the SRU team that the risks have been considered,
+    and provides guidance to testers in regression-testing the SRU.
+ 
+ [Other Info]
+  
+  * Anything else you think is useful to include
+  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
+  * and address these questions in advance
+ 
+ 
+ [Original Description]
  NAME="Ubuntu"
  VERSION="16.04.3 LTS (Xenial Xerus)"
  
  sssd Version: 1.13.4-1ubuntu1.8
  
  I'm sometimes seeing AD users denied access to a machine due to HBAC
  access rules:
  
  (Tue Oct  3 04:11:09 2017) [sssd[be[nwra.com]]]
  [ipa_hbac_evaluate_rules] (0x0080): Access denied by HBAC rules
  
  Upstream suggest applying this commit:
  
  https://pagure.io/SSSD/sssd/c/88f6d8ad4eef4b4fa032fd451ad732cf8201b0bf
  
  That was made on the 1.13 branch but not yet released.  More here:
  
  https://lists.fedorahosted.org/archives/list/sssd-
  users at lists.fedorahosted.org/message/YIHC2C6JDNQLYMW7K7IXQKKIIRMO3QER/
  
  I'm currently testing out a local package with this patch.

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1722936

Title:
  sssd hbac rule applicaton for AD users is inconsistent

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1722936/+subscriptions

More information about the Ubuntu-server-bugs mailing list