group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1664566] Re: sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Nish Aravamudan <nish.aravamudan@xxxxxxxxxxxxx>
Date: Thu, 06 Jul 2017 15:21:05 -0000
Reply-to: Bug 1664566 <1664566@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: sssd (Ubuntu Xenial)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1664566

Title:
  sssd_krb5_locator_plugin.so is not loaded (installed at wrong path)

Status in sssd package in Ubuntu:
  Fix Released
Status in sssd source package in Xenial:
  New

Bug description:
  Hi,

  I'm on Ubuntu 16.04 LTS, sssd-common 1.13.4-1ubuntu1.1, libkrb5-3
  1.13.2+dfsg-5.

  I'm in an environment with several Active Directory sites, each with a
  domain controller. When remote sites' DCs are unreachable because of a
  VPN outage, password authentication is slow or fails. tcpdump shows
  the system is trying to talk to the other sites' domain controllers,
  and timing out.

  sssd-common installs the locator plugin at /usr/lib/x86_64-linux-
  gnu/krb5/plugins/krb5/sssd_krb5_locator_plugin.so.

  But I can see in strace that Kerberos apps are looking for plugins in
  /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5 instead (libkrb5 vs
  krb5).

  open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5",
  O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file
  or directory)

  As a result, Kerberos doesn't respect SSSD's Active Directory site
  selection.

  As a workaround, if I copy /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5
  to /usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5, site selection
  works as expected.

  Mailing list ref: https://lists.fedorahosted.org/archives/list/sssd-users@xxxxxxxxxxxxxxxxxxxxxx/thread/UUMFE5T376D3NJLNHQSJZAJCPM35KRED/
  --- 
  ApportVersion: 2.20.1-0ubuntu2.4
  Architecture: amd64
  DistroRelease: Ubuntu 16.04
  JournalErrors:
   Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] failed with exit code 1: Hint: You are currently not seeing messages from other users and the system.
         Users in the 'systemd-journal' group can see all messages. Pass -q to
         turn off this notice.
   No journal files were opened due to insufficient permissions.
  Package: sssd 1.13.4-1ubuntu1.1
  PackageArchitecture: amd64
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
  Tags:  xenial uec-images
  Uname: Linux 4.4.0-47-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:
   
  _MarkForUpload: True

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566/+subscriptions