sssd not using offline credentials even no network available
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd (Ubuntu) |
In Progress
|
Undecided
|
Unassigned |
Bug Description
I installed a new Ubuntu 20.04 with a new image from ubuntu.org
After the installation I joined our domain and logged in with domain users credentials. Then I logged out and disconnected LAN cable. I could not log in with my offline credentials.
If you wait long enough sometimes 15 minutes sometimes hours sssd will finally enter offline mode while not connected to LAN.
The only solution so far was to add our domain controller to /etc/hosts but this is not a permanent solution.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: sssd 2.2.3-3ubuntu0.4
ProcVersionSign
Uname: Linux 5.4.0-73-generic x86_64
ApportVersion: 2.20.11-
Architecture: amd64
CasperMD5CheckR
Date: Wed May 19 16:38:47 2021
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: sssd
UpgradeStatus: No upgrade log present (probably fresh install)
Hello Walter,
Thank you for reporting this bug, and apologies for the dealy in getting back to it. Unfortunately the bug fell through the cracks and our team is somewhat busy with other stuff.
Anyway, I have finally had the time to try to reproduce this. I set up a VM with a Samba AD DC + Kerberos auth (server), and an LXD container acting as a client. Then, after creating a user/principal on the server, I was able to successfully login with it inside the client (as expected). With that in place, I brought the network connectivity down on the client and tried logging in again with the same user. Everything worked. I also tried doing some research online to see if I could find similar issues reported against sssd, but came up with nothing.
Given that I could not reproduce the issue, I would like to ask you for more information about your setup. If you can provide configuration files for SSSD and you AD DC, that would be great. If you can provide detailed reproduction steps, that would be even better.
For now, I am going to set this bug's status to Incomplete. When you provide the requested information, feel free to set it back to New.
Thank you in advance.