Hi,
I follow manageIQ doc use external auth with windows AD it works fine, but the group name is sid.
Is this possible use name to create the group?
Hi @MilkBotttle this external auth uses sssd for user auth and you can invoke ‘id username’ from MIQ appliance bash console for sssd cache populating. After that groups should displayed by names.
Thanks @igortiunov, my group show the name in AD.
The other question.
Do I need run id command after reboot the system or service?
Or do once after I configured the sssd.
I think that this issue should have a corresponding bug request because every time you have to clean the sssd cache will pop up this problem.
Hi @MilkBotttle
Can you please check what type of groups whose names SID instead of name. Global or Universal ?
I found source BZ for this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1449729
https://pagure.io/SSSD/sssd/issue/3392
And there is related BZ for CFME
https://bugzilla.redhat.com/show_bug.cgi?id=1432518
Fixed In Version: sssd-1.15.2-43.el7
Ok guys. After updating appliance to RHEL 7.4 this issue has solved:
rpm -qi sssd
Name : sssd
Version : 1.15.2
Release : 50.el7
Architecture: x86_64
Install Date: Tue 01 Aug 2017 01:58:29 PM MSK
Hi @igortiunov
Thanks for the status update and I checked RH site, RHEL 7.4 is released on 01 Aug 2017, 4:52 PM GMT.
But miq appliance to my knowledge is using centos 7.3 not RHEL 7.3.
Wondering how can you do the appliance upgrade from centos to RHEL ?
HI @tjyang
I’m sorry I use CFME and today I update it to 7.4
For MIQ related patch should come soon with centos 7.4
@igortiunov, no problem at all. Thanks again for keeping us posted on this issue.
There should be big changes from 7.3 to 7.4, hope miq can survive the version upgrade like CFME on RHEL.
I will definitely take an OS snapshot of miq before the update when centos 7.4 is out.
Yes, the MIQ appliance update is big challenge. But you can update only particular packages such as sssd.
In general, for production use only CFME is suitable not only for reasons of good maintenance but also for the purpose of improving the quality of the product. Because each subscription provides programmers coffee and cookies
Centos 7.4 1708 CR released a few days ago, update fine-3 miq appliance only sssd package is now possible .
Following is the packages will be impacted by sssd package upgrade.
[root@miq01 ~]# yum-config-manager --enable cr
[root@miq01 ~]# dnf update sssd
CentOS-7 - cr 11 MB/s | 5.9 MB 00:00
Using metadata from Tue Aug 29 08:43:06 2017
Dependencies resolved.
=======================================================================================================
Package Arch Version Repository Size
=======================================================================================================
Installing:
libsss_certmap x86_64 1.15.2-50.el7 cr 149 k
Upgrading:
libipa_hbac x86_64 1.15.2-50.el7 cr 126 k
libsss_autofs x86_64 1.15.2-50.el7 cr 128 k
libsss_idmap x86_64 1.15.2-50.el7 cr 131 k
libsss_simpleifp x86_64 1.15.2-50.el7 cr 117 k
libsss_sudo x86_64 1.15.2-50.el7 cr 126 k
python-libipa_hbac x86_64 1.15.2-50.el7 cr 119 k
python-sss x86_64 1.15.2-50.el7 cr 136 k
python-sssdconfig noarch 1.15.2-50.el7 cr 152 k
sssd x86_64 1.15.2-50.el7 cr 118 k
sssd-ad x86_64 1.15.2-50.el7 cr 224 k
sssd-client x86_64 1.15.2-50.el7 cr 184 k
sssd-common x86_64 1.15.2-50.el7 cr 1.3 M
sssd-common-pac x86_64 1.15.2-50.el7 cr 180 k
sssd-dbus x86_64 1.15.2-50.el7 cr 216 k
sssd-ipa x86_64 1.15.2-50.el7 cr 316 k
sssd-krb5 x86_64 1.15.2-50.el7 cr 157 k
sssd-krb5-common x86_64 1.15.2-50.el7 cr 191 k
sssd-ldap x86_64 1.15.2-50.el7 cr 225 k
sssd-proxy x86_64 1.15.2-50.el7 cr 152 k
sssd-tools x86_64 1.15.2-50.el7 cr 412 k
Transaction Summary
=======================================================================================================
Install 1 Package
Upgrade 20 Packages
Total download size: 4.8 M
Is this ok [y/N]: