https://bugzilla.redhat.com/show_bug.cgi?id=1904592
Bug ID: 1904592
Summary: gkr-pam: unable to locate daemon control file
Product: Fedora
Version: 33
Status: NEW
Component: sssd
Assignee: sssd-maintainers@lists.fedoraproject.org
Reporter: email@linuxtricks.fr
QA Contact: extras-qa@fedoraproject.org
CC: abokovoy@redhat.com, atikhono@redhat.com, jhrozek@redhat.com, lslebodn@redhat.com, mzidek@redhat.com, pbrezina@redhat.com, rharwood@redhat.com, sbose@redhat.com, ssorce@redhat.com, sssd-maintainers@lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Description of problem:
Same problem as https://bugzilla.redhat.com/show_bug.cgi?id=1796544, closed by EOL.
Unable to log in from GDM to an Active Directory account:
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard@LINUXTRICKS.LAN
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: gkr-pam: unable to locate daemon control file
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: gkr-pam: stashed password to try later in open session
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: pam_sss(gdm-password:account): Access denied for user juliette.canard@LINUXTRICKS.LAN: 6 (Autorisation refusée)
Version-Release number of selected component (if applicable): Fedora 33 Workstation
How reproducible: Always
Steps to Reproduce:
1. Install Fedora Workstation 33
2. After installing, add a local account
3. From this local account, join the domain by adding, in the GNOME control center, an account which can join computers to the domain
4. Log out
5. Try to log in on GDM with another account which is in the Active Directory
Actual results: Sorry, unable to connect
Expected results: Connection
Additional info: Connecting from the local account into the terminal (gnome-terminal) with command line (su - user@domain.lan) works
Sumit Bose sbose@redhat.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Doc Type|---     |If docs needed, set a value
--- Comment #1 from Sumit Bose sbose@redhat.com ---
Hi,
I think the gkr-pam messages are not related to the failure. The log clearly says that the login failed during the access control step. Can you attach the sssd.conf file to understand which kind of access control is configured? Additionally, can you add the PAM related log messages (if any) covering 'su - user@domain.lan'?
bye, Sumit
--- Comment #2 from Adrien D email@linuxtricks.fr ---
sssd.conf :
[sssd]
domains = LINUXTRICKS.LAN
config_file_version = 2
services = nss, pam

[domain/LINUXTRICKS.LAN]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = LINUXTRICKS.LAN
realmd_tags = joined-with-samba
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = LINUXTRICKS.LAN
use_fully_qualified_names = True
ldap_id_mapping = True
simple_allow_users = $, adrien.linuxtricks
access_provider = simple
--- Comment #3 from Adrien D email@linuxtricks.fr ---
I joined the domain with the adrien.linuxtricks@linuxtricks.lan account.
This account can connect with success:
déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=adrien.linuxtricks@LINUXTRICKS.LAN
déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: gkr-pam: unable to locate daemon control file
déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: gkr-pam: stashed password to try later in open session
déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: pam_unix(gdm-password:account): password for user adrien.linuxtricks@LINUXTRICKS.LAN will expire in 32765 days
déc. 05 21:39:24 w-lyo-tec-5 audit[3033]: USER_ACCT pid=3033 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="adrien.linuxtricks@LINUXTRICKS.L" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 21:39:24 w-lyo-tec-5 gnome-shell[2633]: Can't update stage views actor StLabel is on because it needs an allocation.
déc. 05 21:39:24 w-lyo-tec-5 gnome-shell[2633]: Can't update stage views actor ClutterText is on because it needs an allocation.
déc. 05 21:39:24 w-lyo-tec-5 audit[3033]: CRED_ACQ pid=3033 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="adrien.linuxtricks@LINUXTRICKS.L" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 21:39:24 w-lyo-tec-5 audit[3033]: USER_ROLE_CHANGE pid=3033 uid=0 auid=1876401104 ses=6 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Created slice User Slice of UID 1876401104.
déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Starting User Runtime Directory /run/user/1876401104...
déc. 05 21:39:24 w-lyo-tec-5 systemd-logind[823]: New session 6 of user adrien.linuxtricks@LINUXTRICKS.LAN.
déc. 05 21:39:24 w-lyo-tec-5 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1876401104 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Finished User Runtime Directory /run/user/1876401104.
déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Starting User Manager for UID 1876401104...
déc. 05 21:39:24 w-lyo-tec-5 systemd[3042]: pam_unix(systemd-user:account): password for user adrien.linuxtricks@LINUXTRICKS.LAN will expire in 0 days
--- Comment #4 from Adrien D email@linuxtricks.fr ---
Test to connect with CLI from local account:
[admin@w-lyo-tec-5 ~]$ LANG=C su - adrien.linuxtricks@linuxtricks.lan
Password:
Warning: your password will expire in 0 days.
Last login: Sat Dec 5 21:41:34 CET 2020 on pts/0
And the log with the initial account:
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=adrien.linuxtricks@LINUXTRICKS.LAN
déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: USER_AUTH pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss acct="adrien.linuxtricks@LINUXTRICKS.L" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_unix(su-l:account): password for user adrien.linuxtricks@LINUXTRICKS.LAN will expire in 0 days
déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: USER_ACCT pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="adrien.linuxtricks@LINUXTRICKS.L" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: (to adrien.linuxtricks@LINUXTRICKS.LAN) admin on pts/1
déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: CRED_ACQ pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss acct="adrien.linuxtricks@LINUXTRICKS.L" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_unix(su-l:session): session opened for user adrien.linuxtricks@LINUXTRICKS.LAN(uid=1876401104) by (uid=1000)
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_lastlog(su-l:session): username too long, output might be inaccurate
déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: USER_START pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_umask,pam_xauth acct="adrien.linuxtricks@LINUXTRICKS.L" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:05 w-lyo-tec-5 systemd[1]: systemd-localed.service: Succeeded.
déc. 05 21:44:05 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 21:44:05 w-lyo-tec-5 audit: BPF prog-id=94 op=UNLOAD
déc. 05 21:44:05 w-lyo-tec-5 audit: BPF prog-id=93 op=UNLOAD
déc. 05 21:44:05 w-lyo-tec-5 audit: BPF prog-id=92 op=UNLOAD
Test to connect another account:
[admin@w-lyo-tec-5 ~]$ LANG=C su - juliette.canard@linuxtricks.lan
Password:
Warning: your password will expire in 0 days.
su: Permission denied
And the log:
déc. 05 21:44:47 w-lyo-tec-5 audit[5104]: USER_AUTH pid=5104 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss acct="juliette.canard@LINUXTRICKS.LAN" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=juliette.canard@LINUXTRICKS.LAN
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_unix(su-l:account): password for user juliette.canard@LINUXTRICKS.LAN will expire in 0 days
déc. 05 21:44:47 w-lyo-tec-5 audit[5104]: USER_ACCT pid=5104 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=? acct="juliette.canard@LINUXTRICKS.LAN" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=failed'
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:account): Access denied for user juliette.canard@LINUXTRICKS.LAN: 6 (Autorisation refusée)
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: FAILED SU (to juliette.canard@LINUXTRICKS.LAN) admin on pts/1
--- Comment #5 from Alexander Bokovoy abokovoy@redhat.com ---
Your sssd configuration only permits login as a single user, e.g. 'simple_allow_users' statement and 'access_provider = simple'. Nothing else can pass through, as per the configuration.
This is not a bug -- it is the setup you have as part of the join process. If you want something else, make sure your configuration allows it.
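The diagnosis in comments #1 and #5, as an added example (not code from SSSD or from anyone in this thread): it reads the pam_sss journal lines quoted in this report, finds users whose `auth` phase succeeded but whose `account` phase was denied, and checks them against the `simple` access provider settings from comment #2. The allow-then-deny order follows sssd-simple(5); treating unqualified names as belonging to the configured domain and comparing names case-insensitively are assumptions, and group lists are not evaluated.

```python
import configparser
import re

DOMAIN = "LINUXTRICKS.LAN"

# Access-control part of the sssd.conf posted in comment #2.
SSSD_CONF = """\
[domain/LINUXTRICKS.LAN]
id_provider = ad
fallback_homedir = /home/%u@%d
use_fully_qualified_names = True
simple_allow_users = $, adrien.linuxtricks
access_provider = simple
"""

# pam_sss journal lines copied from the description and comment #4.
JOURNAL = """\
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard@LINUXTRICKS.LAN
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: pam_sss(gdm-password:account): Access denied for user juliette.canard@LINUXTRICKS.LAN: 6 (Autorisation refusée)
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=adrien.linuxtricks@LINUXTRICKS.LAN
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=juliette.canard@LINUXTRICKS.LAN
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:account): Access denied for user juliette.canard@LINUXTRICKS.LAN: 6 (Autorisation refusée)
"""

PAM_SSS = re.compile(r"pam_sss\((?P<service>[^:)]+):(?P<phase>\w+)\): (?P<msg>.*)")
AUTH_OK = re.compile(r"authentication success;.*\buser=(\S+)")
DENIED = re.compile(r"Access denied for user (\S+): ")


def load_domain(conf_text, domain):
    """Return the [domain/<name>] options as a dict ('%' is literal in sssd.conf)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return dict(parser[f"domain/{domain}"])


def split_list(value):
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def short_name(name, domain):
    """Lower-case a name and drop an '@domain' suffix naming this domain (assumption)."""
    user, _, dom = name.lower().partition("@")
    return user if dom in ("", domain.lower()) else name.lower()


def simple_access_allows(opts, domain, user):
    """True/False for the simple provider's user lists, None when undetermined."""
    if opts.get("access_provider", "").lower() != "simple":
        return None  # another access provider decides
    if opts.get("simple_allow_groups") or opts.get("simple_deny_groups"):
        return None  # group membership is not resolved in this sketch
    who = short_name(user, domain)
    allow = {short_name(u, domain) for u in split_list(opts.get("simple_allow_users"))}
    deny = {short_name(u, domain) for u in split_list(opts.get("simple_deny_users"))}
    if who in deny:
        return False
    return who in allow if allow else True


def pam_sss_phases(journal):
    """Map (service, user) -> {phase: succeeded?} from pam_sss journal lines."""
    phases = {}
    for line in journal.splitlines():
        entry = PAM_SSS.search(line)
        if not entry:
            continue
        for pattern, ok in ((AUTH_OK, True), (DENIED, False)):
            hit = pattern.match(entry["msg"])
            if hit:
                phases.setdefault((entry["service"], hit[1]), {})[entry["phase"]] = ok
    return phases


def triage(journal, conf_text, domain):
    """List logins that authenticated but failed access control, with the likely cause."""
    opts = load_domain(conf_text, domain)
    findings = []
    for (service, user), seen in sorted(pam_sss_phases(journal).items()):
        if seen.get("auth") is True and seen.get("account") is False:
            verdict = simple_access_allows(opts, domain, user)
            cause = ("not in simple_allow_users" if verdict is False
                     else "denied by another access rule")
            findings.append((service, user, cause))
    return findings


if __name__ == "__main__":
    for finding in triage(JOURNAL, SSSD_CONF, DOMAIN):
        print(*finding, sep=" | ")
```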
--- Comment #6 from Adrien D email@linuxtricks.fr ---
After removing
simple_allow_users = $, adrien.linuxtricks
and updating access_provider = simple to access_provider = ad
I can connect with juliette.canard@LINUXTRICKS.LAN with "su", but after logging in on GDM, the screen freezes and I always see the password with °°°°°°° symbols. The GNOME session doesn't open.
--- Comment #7 from Alexander Bokovoy abokovoy@redhat.com ---
So, please re-start with gdm logs to see the exact error message.
Things to check:
- whether a new user has a home directory and it is owned by this user
- whether gnome is able to write to that home directory upon startup
- is there anything suspicious in the logs after logon
--- Comment #8 from Adrien D email@linuxtricks.fr ---
I rebooted the system.
See the full log from entering the password in gdm (the log stops after the last line below):
déc. 05 22:14:44 w-lyo-tec-5 systemd[1]: systemd-hostnamed.service: Succeeded.
déc. 05 22:14:44 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 22:14:44 w-lyo-tec-5 audit: BPF prog-id=39 op=UNLOAD
déc. 05 22:14:44 w-lyo-tec-5 audit: BPF prog-id=38 op=UNLOAD
déc. 05 22:14:45 w-lyo-tec-5 systemd[1]: Starting SSSD Kerberos Cache Manager...
déc. 05 22:14:45 w-lyo-tec-5 systemd[1]: Started SSSD Kerberos Cache Manager.
déc. 05 22:14:45 w-lyo-tec-5 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 22:14:45 w-lyo-tec-5 kcm[1590]: Starting up
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard@linuxtricks.lan
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_AUTH pid=1581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss,pam_gnome_keyring acct="juliette.canard@linuxtricks.lan" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: unable to locate daemon control file
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: stashed password to try later in open session
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_unix(gdm-password:account): password for user juliette.canard@linuxtricks.lan will expire in 32766 days
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_ACCT pid=1581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="juliette.canard@linuxtricks.lan" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: CRED_ACQ pid=1581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="juliette.canard@linuxtricks.lan" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: Gdm: could not save session and language settings
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_ROLE_CHANGE pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_systemd(gdm-password:session): Failed to get user record: Aucun processus de ce type
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_unix(gdm-password:session): session opened for user juliette.canard@linuxtricks.lan(uid=1876402105) by (uid=0)
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: unable to locate daemon control file
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_START pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_unix,pam_sss,pam_gnome_keyring,pam_umask acct="juliette.canard@linuxtricks.lan" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: GLib-GObject: invalid uninstantiatable type '(null)' in cast to 'GObject'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: GLib-GObject: g_object_set_data: assertion 'G_IS_OBJECT (object)' failed
déc. 05 22:14:51 w-lyo-tec-5 kernel: rfkill: input handler enabled
déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1602]: dbus-daemon[1602]: [session uid=1876402105 pid=1602] Activating service name='org.freedesktop.systemd1' requested by ':1.0' (uid=1876402105 pid=1599 comm="/usr/libexec/gdm-wayland-session /usr/bin/gnome-se" label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1602]: dbus-daemon[1602]: [session uid=1876402105 pid=1602] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1599]: Unable to register display with display manager
déc. 05 22:14:51 w-lyo-tec-5 gdm-password][1581]: pam_unix(gdm-password:session): session closed for user juliette.canard@linuxtricks.lan
déc. 05 22:14:51 w-lyo-tec-5 audit[1581]: USER_END pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_unix,pam_sss,pam_gnome_keyring,pam_umask acct="juliette.canard@linuxtricks.lan" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 22:14:51 w-lyo-tec-5 audit[1581]: CRED_DISP pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="juliette.canard@linuxtricks.lan" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 22:14:51 w-lyo-tec-5 kernel: rfkill: input handler disabled
déc. 05 22:14:51 w-lyo-tec-5 gdm[950]: Gdm: GdmDisplay: Session never registered, failing
déc. 05 22:14:51 w-lyo-tec-5 gsd-color[1165]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output
déc. 05 22:14:51 w-lyo-tec-5 gsd-color[1165]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output
déc. 05 22:14:51 w-lyo-tec-5 gsd-color[1165]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: The XKEYBOARD keymap compiler (xkbcomp) reports:
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: > Warning: Unsupported maximum keycode 569, clipping.
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: > X11 cannot support keycodes above 255.
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: > Internal error: Could not resolve keysym XF86FullScreen
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: Errors from xkbcomp are not fatal to the X server
déc. 05 22:14:51 w-lyo-tec-5 geoclue[1132]: Service not used for 60 seconds. Shutting down..
déc. 05 22:14:51 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=geoclue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 22:14:51 w-lyo-tec-5 systemd[1]: geoclue.service: Succeeded.
déc. 05 22:14:53 w-lyo-tec-5 realmd[1359]: quitting realmd service after timeout
déc. 05 22:14:53 w-lyo-tec-5 realmd[1359]: stopping service
déc. 05 22:14:53 w-lyo-tec-5 systemd[1]: realmd.service: Succeeded.
déc. 05 22:14:53 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=realmd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 22:15:48 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=libvirtd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Tried with SELinux disabled: same problem.
Folder successfully created and with the good permissions:
[root@w-lyo-tec-5 ~]# ls -l /home
total 0
drwx------. 1 admin admin 294 5 déc. 21:37 admin
drwxr-xr-x. 1 adrien.linuxtricks@LINUXTRICKS.LAN utilisateurs du domaine@LINUXTRICKS.LAN 294 5 déc. 21:44 adrien.linuxtricks@LINUXTRICKS.LAN
drwxr-xr-x. 1 juliette.canard@LINUXTRICKS.LAN utilisateurs du domaine@LINUXTRICKS.LAN 92 5 déc. 21:48 juliette.canard@LINUXTRICKS.LAN
--- Comment #9 from Adrien D email@linuxtricks.fr ---
I removed the Fedora and added again with CLI (realm join)
No problems.
I think there are some problems with graphical steps or it's not complete integration ?
--- Comment #10 from Sumit Bose sbose@redhat.com ---
(In reply to Adrien D from comment #9)
> I removed the Fedora and added again with CLI (realm join)
> No problems.
> I think there are some problems with graphical steps or it's not complete integration ?
Hi,
I think the graphical steps are basically the same, they just call 'realm permit' as well to only allow the given user to log in.
Can you add the logs from the working setup which correspond to the ones from comment #8? My guess is that it is related to
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_systemd(gdm-password:session): Failed to get user record: Aucun processus de ce type
...
déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1602]: dbus-daemon[1602]: [session uid=1876402105 pid=1602] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1599]: Unable to register display with display manager
but it would be helpful to have the working logs for reference.
bye, Sumit
--- Comment #11 from Adrien D email@linuxtricks.fr ---
Hi,
The log with successful opening of a session for Juliette.CANARD@linuxtricks.lan from GDM after joining in CLI:
déc. 07 21:17:38 W-DIJ-FEDO-1 systemd[1]: Starting SSSD Kerberos Cache Manager...
déc. 07 21:17:38 W-DIJ-FEDO-1 systemd[1]: Started SSSD Kerberos Cache Manager.
déc. 07 21:17:38 W-DIJ-FEDO-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:38 W-DIJ-FEDO-1 kcm[1642]: Starting up
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard@LINUXTRICKS.LAN
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_AUTH pid=1616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss,pam_gnome_keyring acct="juliette.canard@LINUXTRICKS.LAN" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty1 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: gkr-pam: unable to locate daemon control file
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: gkr-pam: stashed password to try later in open session
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_ACCT pid=1616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="juliette.canard@LINUXTRICKS.LAN" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty1 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: CRED_ACQ pid=1616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="juliette.canard@LINUXTRICKS.LAN" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty1 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_ROLE_CHANGE pid=1616 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty2 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Created slice User Slice of UID 1876402105.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Starting User Runtime Directory /run/user/1876402105...
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd-logind[841]: New session 4 of user juliette.canard@LINUXTRICKS.LAN.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Finished User Runtime Directory /run/user/1876402105.
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1876402105 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Starting User Manager for UID 1876402105...
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: USER_ACCT pid=1648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="juliette.canard@LINUXTRICKS.LAN" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: CRED_ACQ pid=1648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="juliette.canard@LINUXTRICKS.LAN" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: USER_ROLE_CHANGE pid=1648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: pam_unix(systemd-user:session): session opened for user juliette.canard@LINUXTRICKS.LAN(uid=1876402105) by (uid=0)
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: USER_START pid=1648 uid=0 auid=1876402105 ses=5 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss acct="juliette.canard@LINUXTRICKS.LAN" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit: BPF prog-id=51 op=LOAD
déc. 07 21:17:39 W-DIJ-FEDO-1 audit: BPF prog-id=51 op=UNLOAD
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: /etc/xdg/autostart/org.freedesktop.problems.applet.desktop:91: Unknown key name 'DBusActivatable' in section 'Desktop Entry', ignoring.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dkeyring\x2dssh-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Rfkill-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.MediaKeys-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Keyboard-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: gnome-systemd-autostart-condition not found: No such file or directory
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-spice\x2dvdagent-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Sound-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-xdg\x2duser\x2ddirs-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gsettings\x2ddata\x2dconvert-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Wwan-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: gnome-systemd-autostart-condition not found: No such file or directory
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-at\x2dspi\x2ddbus\x2dbus-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.A11ySettings-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.XSettings-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Housekeeping-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Sharing-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Power-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.UsbProtection-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.ScreensaverProxy-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-pulseaudio-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Color-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Datetime-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-liveinst\x2dsetup-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dkeyring\x2dsecrets-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dinitial\x2dsetup\x2dcopy\x2dworker-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Wacom-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.PrintNotifications-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dkeyring\x2dpkcs11-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: gnome-systemd-autostart-condition not found: No such file or directory
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Smartcard-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 uresourced[1033]: Setting resources on user-1876402105.slice (MemoryMin: 0, MemoryLow: 0, CPUWeight: 100, IOWeight: 100)
déc. 07 21:17:39 W-DIJ-FEDO-1 uresourced[1033]: Setting resources on user@1876402105.service (MemoryMin: 0, MemoryLow: 0, CPUWeight: 100, IOWeight: 100)
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Queued start job for default target Main User Target.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Started Mark boot as successful after the user session has run 2 minutes.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Started Daily Cleanup of User's Temporary Directories.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Paths.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Timers.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Starting D-Bus User Message Bus Socket.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Listening on Multimedia System.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Listening on Sound System.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Starting Create User's Volatile Files and Directories...
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Finished Create User's Volatile Files and Directories.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Listening on D-Bus User Message Bus Socket.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Sockets.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Basic System.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Main User Target.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Startup finished in 121ms.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Started User Manager for UID 1876402105.
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1876402105 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Started Session 4 of user juliette.canard@LINUXTRICKS.LAN.
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: pam_unix(gdm-password:session): session opened for user juliette.canard@LINUXTRICKS.LAN(uid=1876402105) by (uid=0)
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_START pid=1616 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_gnome_keyring,pam_umask acct="juliette.canard@LINUXTRICKS.LAN" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty2 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 gnome-shell[1137]: Can't update stage views actor StLabel is on because it needs an allocation.
déc. 07 21:17:39 W-DIJ-FEDO-1 gnome-shell[1137]: Can't update stage views actor ClutterText is on because it needs an allocation.
déc. 07 21:17:41 W-DIJ-FEDO-1 systemd[1]: systemd-hostnamed.service: Succeeded.
déc. 07 21:17:41 W-DIJ-FEDO-1 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Pavel Březina pbrezina@redhat.com changed:
What    |Removed                                  |Added
----------------------------------------------------------------------------
Assignee|sssd-maintainers@lists.fedoraproject.org |sbose@redhat.com
Michael Vorburger.ch mike@vorburger.ch changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |mike@vorburger.ch
--- Comment #12 from Michael Vorburger.ch mike@vorburger.ch ---
Just FYI, I'm hitting a "gkr-pam: unable to locate daemon control file" that's completely unrelated to sssd; see new Bug 1910424.
Sumit Bose sbose@redhat.com changed:
What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |NEW                         |CLOSED
Resolution |---                         |WORKSFORME
Last Closed|                            |2021-02-23 10:52:49
--- Comment #13 from Sumit Bose sbose@redhat.com ---
Hi,
I guess the issue is most likely connected to https://github.com/systemd/systemd/issues/15149, as mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1796544#c7, which should be fixed in the current version of Fedora. Closing the ticket here.
bye,
Sumit