URL: https://github.com/SSSD/sssd/pull/248 Author: justin-stephenson Title: #248: IPA: Improve s2n debug message for missing ipaNTSecurityIdentifier Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/248/head:pr248 git checkout pr248
From fb178cd4d7df1ad95ee35805df3d87f73b5b9267 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Tue, 25 Apr 2017 13:02:10 -0400 Subject: [PATCH] IPA: Improve s2n debug message for missing ipaNTSecurityIdentifier This patch improves the log message to be more information for the SSSD user troubleshooting issues. If the IDM POSIX group used for AD trust HBAC/SUDO operation is missing the ipaNTSecurityIdentifier it can cause client s2n operations failures resolving the group which resulted in the inability to login for the AD user. --- src/providers/ipa/ipa_s2n_exop.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 55ec904..f5f4401 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -2580,7 +2580,13 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, ret = sysdb_attrs_get_string(attrs->sysdb_attrs, SYSDB_SID_STR, &sid_str); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, - "Cannot find SID of object with override.\n"); + "Cannot find SID of object.\n"); + if (name != NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Object [%s] has no SID, please check the " + "ipaNTSecurityIdentifier attribute on the server-side.\n", + name); + } goto done; }
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org