Created separated report:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1934997
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1933116
Title:
[SRU] Fix GPO support in Focal
To manage
As a precision of previous message, here is my sssd.conf:
[sssd]
default_domain_suffix = my_domain
full_name_format = %1$s
domains = my_domain
config_file_version = 2
services = nss, pam
[domain/my_domain]
debug_level=9
default_shell = /bin/bash
krb5_store_password_if_offline = True
Hello,
After upgrade of sssd packages from version 2.2.3-3ubuntu0.4 to version
2.2.3-3ubuntu0.6, I could not authenticate with users from my Samba4
directory.
After enabling debug, I can see in /var/log/sssd/gpo_child.log errors:
(Mon Jul 5 18:15:20 2021) [gpo_child[9895]] [main] (0x0400):
This bug was fixed in the package sssd - 2.2.3-3ubuntu0.6
---
sssd (2.2.3-3ubuntu0.6) focal; urgency=medium
* debian/patches/fix-gpo-MS-ADTS-compliance.patch:
- Backport several upstream patches from 2.3.x and 2.4.x in ad_gpo
namespaces. This makes it compliant with MS
10:23 < jibel> sil2100, can you release ubiquity and sssd in focal proposed?
they've been tested since a bit less than a week but we need them to build an
image.
10:24 < jibel> sil2100, also Andreas considers the sssd patch as an improvement
:)
...so considering this change ACKed by the server
I verified that sssd 2.2.3-3ubuntu0.6 behaves as expected (default
domain policy is downloaded and applied) and didn't find any regression
either.
Marking as verification-done
** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal
I don't know the sssd codebase so it's hard for me to assess if the huge
patch that's being added as part of this SRU indeed only touches the GPO
support or not. I will trust in your validation, but let's make sure
that no other functionality of sssd is affected by this change. Would it
be
** Description changed:
[Description]
- GPO support in focal doesn't focal MS ADTS spec and is not functional. It
means that the default domain policy containing the security policy for example
is not applied.
+ GPO support in focal doesn't follow MS ADTS spec and is not functional. It
means
FYI, 2.3 and 2.4 are respectively in Groovy and Hirsute.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1933116
Title:
[SRU] Fix GPO support in Focal
To manage notifications about this bug go to: