sssd incorrectly permits login when no gpo found and ad_gpo_implicit_deny is set to True

Solution Unverified - Updated -

Issue

  • On a RHEL host running sssd connected to a Windows domain, a user who should not be permitted login access is able to log in.
  • The login is permitted even though ad_gpo_implicit_deny = True is set in sssd.conf.
  • If any GPO has been applied to the RHEL 8 host, regardless of whether it makes any sssd-related changes, the login permissions function correctly and users who should not have access are denied.

Environment

  • Red Hat Enterprise Linux (RHEL)
    • 7.9
    • 8.3
  • System Security Services Daemon (SSSD)
    • sssd-1.16.5-10.el7_9.7.x86_64
    • sssd-2.3.0-9.el8.x86_64
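
A check for the condition described above, as an added example that is not Red Hat's or the sssd project's code: it parses sssd.conf text and reports each domain that relies on ad_gpo_implicit_deny = True, noting whether the installed build is one of the two listed under Environment. The function name, sample configuration and domain names are constructed for illustration; a build outside that list is not thereby shown to be unaffected.

```python
import configparser

# Builds copied from this page's Environment section.
LISTED_BUILDS = {"sssd-1.16.5-10.el7_9.7.x86_64", "sssd-2.3.0-9.el8.x86_64"}


def audit_implicit_deny(conf_text, installed_build):
    """Return one finding per [domain/...] section that sets ad_gpo_implicit_deny = True."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        # Only domains that use the AD access provider are reported.
        if dom.get("access_provider", "").strip().lower() != "ad":
            continue
        if not dom.getboolean("ad_gpo_implicit_deny", fallback=False):
            continue
        findings.append({
            "domain": section.split("/", 1)[1],
            # Report the mode as written; "unset" means the build default applies.
            "gpo_mode": dom.get("ad_gpo_access_control", "unset").strip().lower(),
            "listed_build": installed_build in LISTED_BUILDS,
        })
    return findings


# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
[sssd]
domains = example.test, lab.test

[domain/example.test]
id_provider = ad
access_provider = ad
ad_gpo_access_control = enforcing
ad_gpo_implicit_deny = True

[domain/lab.test]
id_provider = ad
access_provider = ad
"""

if __name__ == "__main__":
    for f in audit_implicit_deny(SAMPLE_CONF, "sssd-2.3.0-9.el8.x86_64"):
        print(f)
```

On a real host, pass the contents of /etc/sssd/sssd.conf and the output of `rpm -q sssd`; a finding with listed_build set to True is a host where a denied user's login should be tested while no GPO is applied.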
