sssd core dumps on group lookup
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Hi,
We have SSSD authenticating against Active Directory on a large cluster of hadoop machines. Intermittently we're seeing JVM processes (Apache Spark jobs) core dumping when they attempt to lookup the group owner of a file. The group comes from Active Directory. The group contains roughly 30 users.
#######
(gdb) bt
#0 0x00007f789005acc9 in __GI_raise (sig=sig@entry=6) at ../nptl/
#1 0x00007f789005e0d8 in __GI_abort () at abort.c:89
#2 0x00007f788f3abd69 in os::abort(bool) () from /usr/lib/
#3 0x00007f788f53133f in VMError:
#4 0x00007f788f3b4b4f in JVM_handle_
#5 <signal handler called>
#6 sss_nss_
#7 0x00007f788d33ed1b in sss_nss_mc_get_ctx (name=name@
#8 0x00007f788d33f7d9 in sss_nss_mc_getgrgid (gid=gid@
#9 0x00007f788d33da56 in _nss_sss_getgrgid_r (gid=10002, result=
#10 0x00007f78900e2b0c in __getgrgid_r (gid=10002, resbuf=
#11 0x00007f7841cabfe6 in ?? ()
#12 0x00000000014f2bb0 in ?? ()
#######
Here's our sssd config:
/etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
#debug_level = 0x4000
[nss]
[pam]
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_schema = rfc2307bis
ldap_uri = ldaps:/
ldap_search_base = <hidden>
ldap_id_mapping = False
ldap_user_
ldap_group_
ldap_user_
ldap_user_name = msSFU30Name
ldap_user_fullname = displayName
ldap_user_
ldap_user_principal = userPrincipalName
ldap_group_
ldap_group_name = sAMAccountName
ldap_user_
ldap_user_
#Bind credentials
ldap_default_
ldap_default_
ldap_tls_reqcert = allow
cache_credentials = true
enumerate = false
Our nsswitch.conf:
passwd: compat sss
group: compat sss
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis sss
sudoers: files sss
$ grep sss /etc/pam.d/
common-
common-auth:auth [success=2 default=ignore] pam_sss.so use_first_pass
common-
common-
Versions:
DISTRIB_ID=Ubuntu
DISTRIB_
DISTRIB_
DISTRIB_
Linux 3.13.0-49-generic #83-Ubuntu SMP Fri Apr 10 20:11:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ dpkg -l | grep sssd
ii sssd 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- metapackage
ii sssd-ad 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- Active Directory back end
ii sssd-ad-common 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- PAC responder
ii sssd-common 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- common files
ii sssd-ipa 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- IPA back end
ii sssd-krb5 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- Kerberos back end
ii sssd-krb5-common 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- Kerberos helpers
ii sssd-ldap 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- LDAP back end
ii sssd-proxy 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- proxy back end
ii sssd-tools 1.11.5-1ubuntu3 amd64 System Security Services Daemon -- tools
tags: | added: trusty |