On (27/05/15 14:22), [email protected] wrote: >I have a CentOS 6.3 client with sssd 1.11.6-30.el6_6.4 installed and when >one of my FreeIPA users tries to sudo (he has permissions via group >membership) I get the following error in /var/log/messages > >May 27 20:51:34 ipaclient sssd[be[mydomain.net]]: dereference processing >failed : Invalid argument > >I have read that this is a known bug >(https://bugzilla.redhat.com/show_bug.cgi?id=1154042) and that the >suggested fix is to add the following line to the domain section of the >sssd.conf : > >ldap_group_object_class = ipaUserGroup > You cannot hit BZ1154042, because it is already fixed in 1.11.6-30.el6_6.4 @see https://bugzilla.redhat.com/show_bug.cgi?id=1165074
>I tried adding that and then restarting the client, but it did not fix the >problem. I have also read that this problem may only apply to POSIX >groups so I removed my user from all POSIX groups, added him to non posix >groups and then created some new sudo rules and hbac rules. I restarted >the client again and still had the same issue where I could login but not >sudo. > >Is there a known workaround that actually works? > >I see this bug is supposed to be fixed in sssd 1.11.8. Is this version of >sssd going to be released into any repo for CentOS 6? > No 1.11.8 will not be release in CentOS 6. CentOS just rebuild rhel src.rpm packages. However rhel 6.7-beta has already sssd-1.12.4-x. If you want you can test with pre-release of upstream 1.12.5 https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12-latest/ LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
