Bug 1003981

Summary: joining AD domains from GUI control center doesn't work correctly
Product: Red Hat Enterprise Linux 7 Reporter: David Spurek <dspurek>
Component: realmdAssignee: Stef Walter <stefw>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: high    
Version: 7.0CC: dspurek, ebenes, pkis
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-03 16:33:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
error screenshot none

Description David Spurek 2013-09-03 15:52:56 UTC 
Description of problem:
joining AD domains from GUI control center doesn't work correctly.
I am trying scenario described at https://fedoraproject.org/wiki/QA:Testcase_realmd_control_center

Gnome-control-center throw error message with 'Failed to register account' (image with fail is in attachement), user is correct.

If I try realm list after that, computer is joined to the domain.
[root@test-20-8 ~]# realm list
security.baseos.qe
  type: kerberos
  realm-name: SECURITY.BASEOS.QE
  domain-name: security.baseos.qe
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: %U.qe
  login-policy: allow-permitted-logins
  permitted-logins: amy-admin.qe
  permitted-groups:

[root@test-20-8 ~]# getent passwd amy-admin.qe
amy-admin.qe:*:89801176:89800513:Amy-admin:/home/security.baseos.qe/amy-admin:/bin/bash

Gnome-control-center was run from terminal and here is the output from terminal:
 * No default domain received via DHCP
 * Resolving: _ldap._tcp.security.baseos.qe
 * Performing LDAP DSE lookup on: 10.34.36.170
 * Successfully discovered: security.baseos.qe
 * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.4SV22W -U Amy-admin ads join security.baseos.qe
Enter Amy-admin's password:
Using short domain name -- SECURITY
Joined 'TEST-20-8' to dns domain 'security.baseos.qe'
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.4SV22W -U Amy-admin ads keytab create
Enter Amy-admin's password:
 * /usr/bin/systemctl enable sssd.service
ln -s '/usr/lib/systemd/system/sssd.service' '/etc/systemd/system/multi-user.target.wants/sssd.service'
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service
 * Successfully enrolled machine in realm
 * /usr/bin/systemctl restart sssd.service
 * Successfully changed permitted logins for realm
user-accounts-cc-panel-Message: Couldn't cache user account: No user with the name Amy-admin.qe found

Version-Release number of selected component (if applicable):
realmd-0.14.5-1.el7.x86_64
control-center-3.8.3-1.el7.x86_64
sssd-1.11.0-0.1.beta2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1.provide steps described in link above
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 David Spurek 2013-09-03 15:53:26 UTC 
Created attachment 793248 [details]
error screenshot
Comment 3 Stef Walter 2013-09-03 16:33:11 UTC 
This is a duplicate of bug #980861 or one of that family of bugs.

'sss' wasn't in your /etc/nsswitch.conf when accounts-daemon started before you ran the test.

*** This bug has been marked as a duplicate of bug 980861 ***