[Bug 1949956] [NEW] Debian bug 955135 affects Ubuntu bionic
Public bug reported: Upstream bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955135 https://github.com/mvo5/unattended- upgrades/commit/c0773581b636ccb623094abd9554afd17a49c0ce Relevant ** Affects: unattended-upgrades (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949956 Title: Debian bug 955135 affects Ubuntu bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1949956/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1775636] Re: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA
Workaround confirmed, I'll be rolling that out while waiting for that to land in xenial. If you need more info or help debugging, I'll be happy to help. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1775636 Title: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1775636/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1775636] Re: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA
I've been using the ipa-client-install on 14.04 and had no issues (knock on wood) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1775636 Title: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1775636/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1775636] Re: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA
Yes, seems right. I have setup a system with ubuntu 18.04, and the problem doesn't show up there. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1775636 Title: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1775636/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1775636] [NEW] sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA
Public bug reported: When trying to get the key for a person with also a client cert present in IPA the following error shows: ``` (Thu Jun 7 14:37:11:920526 2018) [/usr/bin/sss_ssh_authorizedkeys] [main] (0x0020): sss_ssh_get_ent() failed (14): Bad address Error looking up public keys ``` What is supposed to happen: return public key for user Version Information: Ubuntu 16.04.2 LTS Updated sssd-common and related tools to latest: libipa-hbac0 libsss- idmap0 python-libipa-hbac python-sss sssd sssd-ad sssd-ad-common sssd- common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy so sssd is now at: ii sssd-common1.13.4-1ubuntu1.10 amd64System Security Services Daemon -- common files This doesn't happen on Centos 7.5 (sssd-common-1.16.0-19.el7.x86_64) nor on ubuntu 14.04 (sssd-common==1.11.8-0ubuntu0.7) IPA server is on CentOS 7.5: ipa-server-4.5.4-10.el7.centos.x86_64 >From what I've seen upstream, it might be related to the fairly new handling of x509 certificates with ssh certificates in them. ** Affects: sssd (Ubuntu) Importance: Undecided Status: Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1775636 Title: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1775636/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 987003] Re: In Pangolin, a new administrator profile was not registred in the sudoer group (Lubuntu /Gnome environment)
** Changed in: sudo (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/987003 Title: In Pangolin, a new administrator profile was not registred in the sudoer group (Lubuntu /Gnome environment) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/987003/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Imho, the correct fix here would be to just not fail on not getting sudoers rights from the LDAP. (correctly detecting this specific issue of course) This leaves sudo through sssd enabled for that "minority" of users (the minority probably being companies) Also, when enabling it again, people would still be faced with that error until they add rules on LDAP -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1694922] Re: /etc/cron.monthly/ieee-data fails every month on redirected URLS
update: I just assumed we didn't have wget on the system and it would use curl. But actually, it uses wget, and it still fails. Not sure why it fails now, but the point about the updated version doing it totally different still stands. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1694922 Title: /etc/cron.monthly/ieee-data fails every month on redirected URLS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ieee-data/+bug/1694922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1694922] [NEW] /etc/cron.monthly/ieee-data fails every month on redirected URLS
Public bug reported: the script fails and mails the following: run-parts: /etc/cron.monthly/ieee-data exited with return code 1 the following URLS are giving a 302 redirect: - http://standards.ieee.org/develop/regauth/oui28/mam.txt - http://standards.ieee.org/develop/regauth/oui36/oui36.txt 1) # lsb_release -rd Description:Ubuntu 16.04.2 LTS Release:16.04 2) # apt-cache policy ieee-data ieee-data: Installed: 20150531.1 Candidate: 20150531.1 Version table: *** 20150531.1 500 500 http://apt.osso.nl/ubuntu xenial/main amd64 Packages 500 http://apt.osso.nl/ubuntu xenial/main i386 Packages 100 /var/lib/dpkg/status 3) it should have grabbed the right urls or it should follow the redirects by using `curl -L`, but in later ubuntu versions this script is completely overhauled, so a backport might be more appropriate. 4) it fails with an exit code 1 and mails once for every server you have. ** Affects: ieee-data (Ubuntu) Importance: Undecided Status: New ** Tags: backport cron ieee-data ** Description changed: the script fails and mails the following: - ```run-parts: /etc/cron.monthly/ieee-data exited with return code 1``` + run-parts: /etc/cron.monthly/ieee-data exited with return code 1 - the following URLS are giving a 302 redirect: + the following URLS are giving a 302 redirect: - http://standards.ieee.org/develop/regauth/oui28/mam.txt - http://standards.ieee.org/develop/regauth/oui36/oui36.txt - 1) # lsb_release -rd + 1) # lsb_release -rd Description: Ubuntu 16.04.2 LTS Release: 16.04 2) # apt-cache policy ieee-data ieee-data: - Installed: 20150531.1 - Candidate: 20150531.1 - Version table: - *** 20150531.1 500 - 500 http://apt.osso.nl/ubuntu xenial/main amd64 Packages - 500 http://apt.osso.nl/ubuntu xenial/main i386 Packages - 100 /var/lib/dpkg/status + Installed: 20150531.1 + Candidate: 20150531.1 + Version table: + *** 20150531.1 500 + 500 http://apt.osso.nl/ubuntu xenial/main amd64 Packages + 500 http://apt.osso.nl/ubuntu xenial/main i386 Packages + 100 /var/lib/dpkg/status 3) it should have grabbed the right urls or it should follow the redirects by using `curl -L`, but in later ubuntu versions this script is completely overhauled, so a backport might be more appropriate. 4) it fails with an exit code 1 and mails once for every server you have. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1694922 Title: /etc/cron.monthly/ieee-data fails every month on redirected URLS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ieee-data/+bug/1694922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689796] Re: sudo + sssd does not work for IPA hostgroups
** Description changed: As discussed on this page: https://pagure.io/freeipa/issue/6139 Sudo + SSSD doesn't work with hostgroups. As suggested, sudo upstream has a fix for this problem in https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 It looks similar to the issue https://bugs.launchpad.net/bugs/1688034 but is actually different. - 1) root@ipa:~# lsb_release -rd + 1) root@ipa:~# lsb_release -rd Description: Ubuntu 16.04.2 LTS Release: 16.04 2) root@ipa:~# apt-cache policy sudo sudo: - Installed: 1.8.16-0ubuntu1.3 - Candidate: 1.8.16-0ubuntu1.3 - Version table: - *** 1.8.16-0ubuntu1.3 500 - 500 http://localapt/ubuntu xenial-updates/main amd64 Packages - 100 /var/lib/dpkg/status - 1.8.16-0ubuntu1 500 - 500 http://localapt/ubuntu xenial/main amd64 Packages + Installed: 1.8.16-0ubuntu1.3 + Candidate: 1.8.16-0ubuntu1.3 + Version table: + *** 1.8.16-0ubuntu1.3 500 + 500 http://localapt/ubuntu xenial-updates/main amd64 Packages + 100 /var/lib/dpkg/status + 1.8.16-0ubuntu1 500 + 500 http://localapt/ubuntu xenial/main amd64 Packages 3) I expect to be able to grant sudo rights based on IPA hostgroups - 4) "testuser is not allowed to run sudo on cw-st-ipa.catawiki.net. This + 4) "testuser is not allowed to run sudo on host.ipa.example.com. This incident will be reported." -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689796 Title: sudo + sssd does not work for IPA hostgroups To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1689796/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689796] Re: sudo + sssd does not work for IPA hostgroups
It would be awesome if this could land in both 14.04 and 16.04 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689796 Title: sudo + sssd does not work for IPA hostgroups To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1689796/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1689796] [NEW] sudo + sssd does not work for IPA hostgroups
Public bug reported: As discussed on this page: https://pagure.io/freeipa/issue/6139 Sudo + SSSD doesn't work with hostgroups. As suggested, sudo upstream has a fix for this problem in https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 It looks similar to the issue https://bugs.launchpad.net/bugs/1688034 but is actually different. 1) root@ipa:~# lsb_release -rd Description:Ubuntu 16.04.2 LTS Release:16.04 2) root@ipa:~# apt-cache policy sudo sudo: Installed: 1.8.16-0ubuntu1.3 Candidate: 1.8.16-0ubuntu1.3 Version table: *** 1.8.16-0ubuntu1.3 500 500 http://localapt/ubuntu xenial-updates/main amd64 Packages 100 /var/lib/dpkg/status 1.8.16-0ubuntu1 500 500 http://localapt/ubuntu xenial/main amd64 Packages 3) I expect to be able to grant sudo rights based on IPA hostgroups 4) "testuser is not allowed to run sudo on cw-st-ipa.catawiki.net. This incident will be reported." ** Affects: sudo (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689796 Title: sudo + sssd does not work for IPA hostgroups To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1689796/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 987003] Re: In Pangolin, a new administrator profile was not registred in the sudoer group (Lubuntu /Gnome environment)
be advised, Precise Pangolin is EOL. As such, maybe close this bug to reduce clutter? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/987003 Title: In Pangolin, a new administrator profile was not registred in the sudoer group (Lubuntu /Gnome environment) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/987003/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1677139] Re: pkcs11 setup needs fixes for SoftHSM 2.2
Found the reason for this failure, installer uses a library on the following path: /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so This path is not present on default installation of ubuntu with softhsm2. This is becoming a theme with IPA packaging it seems. So either make sure there's a symlink for it in the package, or start patching the installer to account for all the differences in paths between RHEL and Ubuntu. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1677139 Title: pkcs11 setup needs fixes for SoftHSM 2.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1677139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1677139] Re: pkcs11 setup needs fixes for SoftHSM 2.2
looks like this will allow you to finish the installation, but with bind9-pkcs11 in failed status: root@cw-ipa0:~# journalctl -xe Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net named-pkcs11[21389]: Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net named-pkcs11[21389]: adjusted limit on open files from 4096 to 1048576 Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net named-pkcs11[21389]: found 2 CPUs, using 2 worker threads Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net named-pkcs11[21389]: using 2 UDP listeners per interface Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net named-pkcs11[21389]: using up to 4096 sockets Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net named-pkcs11[21389]: initializing DST: no PKCS#11 provider Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net named-pkcs11[21389]: exiting (due to fatal error) Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net rndc[21395]: rndc: connect failed: 127.0.0.1#953: connection refused Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=bind9-pk Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net audispd[488]: type=SERVICE_STOP msg=audit(1492761164.380:1635): pid=1 uid=0 auid=429 Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net systemd[1]: bind9-pkcs11.service: Control process exited, code=exited status=1 Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net systemd[1]: bind9-pkcs11.service: Unit entered failed state. Apr 21 09:52:44 cw-ipa0.ipa.catawiki.net systemd[1]: bind9-pkcs11.service: Failed with result 'exit-code'. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1677139 Title: pkcs11 setup needs fixes for SoftHSM 2.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1677139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs