Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-40570

GPO access the wrong memory location

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • rhel-9.5
    • rhel-8.10
    • sssd
    • sssd-2.9.5-2.el9
    • None
    • Moderate
    • rhel-sst-idm-sssd
    • ssg_idm
    • 18
    • 20
    • 0
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Hello,

      The customer is using sssd 2.9.4 on RHEL8 (2.9.4-3.el8_10) with the following scenario: two Linux machines are joined to an MS-AD domain, machines are in a specific OU with a GPO linked to it, the GPO has a security filter with two machines.

      The GPO is applied on the first machine, it is working fine,
      It is not working on the second machine after the GPO is applied.

      Here is the log from the second one.
      ------
      (2024-06-04 15:32:52): [be[a.b.c]] [ad_gpo_filter_gpos_by_dacl] (0x0400): RID#7 examining dacl candidate_gpo_guid:{A8282E6A-7A7A-4148-B9E5-F2C26FB15950}
      ..
      (2024-06-04 15:32:52): [be[a.b.c]] [ad_gpo_evaluate_dacl] (0x0400): RID#7 GPO denied (security);  Trustee: S-1-5-21-1384148484-2853517914-4044072970-4618
      (2024-06-04 15:32:52): [be[a.b.c]] [ad_gpo_filter_gpos_by_dacl] (0x0400): RID#7 GPO not applicable to target per security filtering: result of DACL evaluation
      ------

      Expected results: SSSD with ad provider should support more than one machine in the security filter.

              sbose@redhat.com Sumit Bose
              rhn-support-sjawale Shradha Jawale
              SSSD Maintainers SSSD Maintainers
              Dan Lavu Dan Lavu
              Louise McGarry Louise McGarry
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated:
                Resolved: